diff --git a/keystone/identity/backends/ldap/common.py b/keystone/identity/backends/ldap/common.py
index 6f2be75d47..6b8750baaf 100644
--- a/keystone/identity/backends/ldap/common.py
+++ b/keystone/identity/backends/ldap/common.py
@@ -1284,8 +1284,9 @@ class BaseLdap(object):
     def _dn_to_id(self, dn):
         # Check if the naming attribute in the DN is the same as keystone's
         # configured 'id' attribute'.  If so, extract the ID value from the DN
-        if self.id_attr == ldap.dn.str2dn(dn)[0][0][0].lower():
-            return ldap.dn.str2dn(dn)[0][0][1]
+        if self.id_attr == utf8_decode(
+                ldap.dn.str2dn(utf8_encode(dn))[0][0][0].lower()):
+            return utf8_decode(ldap.dn.str2dn(utf8_encode(dn))[0][0][1])
         else:
             # The 'ID' attribute is NOT in the DN, so we need to perform an
             # LDAP search to look it up from the user entry itself.