diff --git a/misc/pam_authentication/ldap_authentication.sh b/misc/pam_authentication/ldap_authentication.sh
index 052458cfa709cf1fd76bb0c10394ed08904e6346..e58b5caa3e518a386169b37d1723b76418570162 100755
--- a/misc/pam_authentication/ldap_authentication.sh
+++ b/misc/pam_authentication/ldap_authentication.sh
@@ -38,7 +38,10 @@ WHO_AM_I_PATTERN="${WHO_AM_I_PATTERN:-"dn:cn=\${USER_NAME},\${USER_BASE}"}"
 # If the second argument is empty or "-", take password from stdin, else use the argument as a file.
 testpw() {
     local USER_NAME bind_dn who_am_i pwfile pwargs result
-    USER_NAME="$1"
+
+    # cn is case-insensitive https://ldapwiki.com/wiki/Distinguished%20Name%20Case%20Sensitivity
+    USER_NAME="$(echo "$1" | tr '[:upper:]' '[:lower:]')"
+
     bind_dn="$(eval "echo \"$BIND_DN_PATTERN\"")"
     who_am_i="$(eval "echo \"$WHO_AM_I_PATTERN\"")"