diff --git a/cmd/bucket-policy.go b/cmd/bucket-policy.go
index 5433e4ad8..2d6436897 100644
--- a/cmd/bucket-policy.go
+++ b/cmd/bucket-policy.go
@@ -174,7 +174,7 @@ func getConditionValues(r *http.Request, lc string, username string, claims map[
 // Special case for AD/LDAP STS users
 if k == ldapUser {
 args["user"] = []string{vStr}
- } else if k == ldapUsername {
+ } else if k == ldapUserN {
 args["username"] = []string{vStr}
 } else {
 args[k] = []string{vStr}
diff --git a/cmd/sts-handlers.go b/cmd/sts-handlers.go
index 5b27f7f0b..89fffa71c 100644
--- a/cmd/sts-handlers.go
+++ b/cmd/sts-handlers.go
@@ -64,8 +64,8 @@ const (
 parentClaim = "parent"
 
 // LDAP claim keys
- ldapUser = "ldapUser"
- ldapUsername = "ldapUsername"
+ ldapUser = "ldapUser"
+ ldapUserN = "ldapUsername"
 )
 
 func parseOpenIDParentUser(parentUser string) (userID string, err error) {
@@ -543,9 +543,9 @@ func (sts *stsAPIHandlers) AssumeRoleWithLDAPIdentity(w http.ResponseWriter, r *
 expiryDur := globalLDAPConfig.GetExpiryDuration()
 
 m := map[string]interface{}{
- expClaim: UTCNow().Add(expiryDur).Unix(),
- ldapUsername: ldapUsername,
- ldapUser: ldapUserDN,
+ expClaim: UTCNow().Add(expiryDur).Unix(),
+ ldapUser: ldapUserDN,
+ ldapUserN: ldapUsername,
 }
 
 if len(sessionPolicyStr) > 0 {
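Review bot: The final `else` branch in the getConditionValues hunk still copies any other claim key into `args` unchanged. Session tokens issued before this fix will land there if, as the removed line in the sts-handlers.go map literal suggests, their username claim was stored under the submitted username rather than under "ldapUsername". For such tokens `args["username"]` would stay unset, so policies conditioned on the LDAP username could evaluate differently until those credentials expire. A comment above the chain would record this, e.g. `// tokens minted before the ldapUsername key fix carry the username itself as the claim key and take the generic branch`. The loop over the claims and the rest of the function are outside the hunk, so whether a claim key can overwrite an entry set earlier in `args` cannot be judged from here.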
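Review bot: `ldapUserN` in the const hunk of cmd/sts-handlers.go differs from `ldapUser` by one trailing letter and does not say which value it holds, so the two LDAP claim keys are easy to swap at a call site. The neighbouring keys already carry a `Claim` suffix (`parentClaim`, `expClaim`), so `ldapUserClaim` and `ldapUsernameClaim` would follow the file's convention and could not collide with a handler local named `ldapUsername`. Whichever name is kept, the declaration deserves a comment on why it is not spelled like its value, e.g. `// not named ldapUsername: handler locals with that name would shadow it and become the claim key`. The const block opens above the hunk.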
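Review bot: Nothing in this change pins the claim keys written by the map literal in AssumeRoleWithLDAPIdentity, so the same mistake can return unnoticed, because the literal compiles whether a key resolves to the package constant or to a local of the same name. The removed line `ldapUsername: ldapUsername` appears to have used a local variable as the key, which would have stored the claim under a request-derived string instead of "ldapUsername". A regression test that issues LDAP STS credentials and asserts the claims contain exactly the literal keys "ldapUser" and "ldapUsername", plus the expiry key, would catch it. The handler body starts and ends outside the hunk, so how `m` is signed and consumed is not visible here.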