diff --git a/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java b/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
index 512a1bf..ae74d51 100644
--- a/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
+++ b/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
@@ -702,13 +702,7 @@ public class LdapIdentityProvider implements ExternalIdentityProvider {
             throws LdapInvalidAttributeValueException {
         ExternalIdentityRef ref = new ExternalIdentityRef(entry.getDn().getName(), this.getName());
         if (id == null) {
-            String idAttribute = config.getUserConfig().getIdAttribute();
-            Attribute attr = entry.get(idAttribute);
-            if (attr == null) {
-                throw new LdapInvalidAttributeValueException(ResultCodeEnum.CONSTRAINT_VIOLATION,
-                        "no value found for attribute '" + idAttribute + "' for entry " + entry);
-            }
-            id = attr.getString();
+            id = getIdValue(entry, config.getUserConfig().getIdAttribute());
         }
         String path = config.getUserConfig().makeDnPath()
                 ? createDNPath(entry.getDn())
@@ -724,13 +718,7 @@ public class LdapIdentityProvider implements ExternalIdentityProvider {
             throws LdapInvalidAttributeValueException {
         ExternalIdentityRef ref = new ExternalIdentityRef(entry.getDn().getName(), this.getName());
         if (name == null) {
-            String idAttribute = config.getGroupConfig().getIdAttribute();
-            Attribute attr = entry.get(idAttribute);
-            if (attr == null) {
-                throw new LdapInvalidAttributeValueException(ResultCodeEnum.CONSTRAINT_VIOLATION,
-                        "no value found for attribute '" + idAttribute + "' for entry " + entry);
-            }
-            name = attr.getString();
+            name = getIdValue(entry, config.getGroupConfig().getIdAttribute());
         }
         String path = config.getGroupConfig().makeDnPath()
                 ? createDNPath(entry.getDn())
@@ -739,7 +727,18 @@ public class LdapIdentityProvider implements ExternalIdentityProvider {
         Map<String, Object> props = group.getProperties();
         applyAttributes(props, entry);
         return group;
+    }
 
+    private String getIdValue(Entry entry, String idAttribute) throws LdapInvalidAttributeValueException {
+        if ("dn".equals(idAttribute)) {
+            return entry.getDn().getName();
+        }
+        Attribute attr = entry.get(idAttribute);
+        if (attr == null) {
+            throw new LdapInvalidAttributeValueException(ResultCodeEnum.CONSTRAINT_VIOLATION,
+                    "no value found for attribute '" + idAttribute + "' for entry " + entry);
+        }
+        return attr.getString();
     }
 
     private void applyAttributes(Map<String, Object> props, Entry entry)
@@ -817,4 +816,4 @@ public class LdapIdentityProvider implements ExternalIdentityProvider {
         log.error(msg + ((timer != null) ? timer.getString() : ""), e);
         return new ExternalIdentityException(msg, e);
     }
-}
\ No newline at end of file
+}