Comment 5 for bug 1832766

It seems that most of our clouds use LDAP backends, which also use group_member_are_ids = false, but we do not specify a user_id_attribute.. This then falls back to the default of using the "CN" attribute.

It just so happens that Active directory entities are labeled with cn=$sAMAccountName,$user_tree_dn, and so the default code to assume user_id_attribute is the first field of the DN works in most production cases.

Suggest renaming title to "Specifying user_id_attribute that is not the distinguished name's primary key field in LDAP database fails when referencing group members if group_members_are_ids = false"