diff --git a/Documentation/ldap-connector.md b/Documentation/ldap-connector.md
index 44637ba62d89dd8980c5cabc9a220c8d9155de2a..782e6a1ff8296438299fa3dd7160c8ee2dc04578 100644
--- a/Documentation/ldap-connector.md
+++ b/Documentation/ldap-connector.md
@@ -11,7 +11,9 @@ The connector executes two primary queries:
 
 ## Configuration
 
-User entries are expected to have an email attribute (configurable through `emailAttr`), and a display name attribute (configurable through `nameAttr`). The following is an example config file that can be used by the LDAP connector to authenticate a user.
+User entries are expected to have an email attribute (configurable through `emailAttr`), and a display name attribute (configurable through `nameAttr`). `*Attr` attributes could be set to "DN" in situations where it is needed but not available elsewhere, and if "DN" attribute does not exist in the record.
+
+The following is an example config file that can be used by the LDAP connector to authenticate a user.
 
 ```yaml
 
diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index fd8f1dc3a530f9f7f10d7c8fe6a3a2002b8dc9d4..22b033aef77c54eb471d9b8ef98d40233363af4d 100644
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -47,6 +47,9 @@ import (
 //         baseDN: cn=groups,dc=example,dc=com
 //         filter: "(objectClass=group)"
 //         userAttr: uid
+//         # Use if full DN is needed and not available as any other attribute
+//         # Will only work if "DN" attribute does not exist in the record
+//         # userAttr: DN
 //         groupAttr: member
 //         nameAttr: name
 //
@@ -285,6 +288,9 @@ func getAttr(e ldap.Entry, name string) string {
 		}
 		return a.Values[0]
 	}
+	if name == "DN" {
+		return e.DN
+	}
 	return ""
 }