diff --git a/ldap/ldap.go b/ldap/ldap.go
index 8a0b3b5..af7fe17 100644
--- a/ldap/ldap.go
+++ b/ldap/ldap.go
@@ -395,11 +395,12 @@ func LookupDN(conn *ldap.Conn, dn string, attrs []string) (*DNSearchResult, erro
 }
 
 // NormalizeDN normalizes the DN. The ldap library here mainly lowercases the
-// attribute type names in the DN.
+// attribute type names in the DN. However, since MinIO is going to be
+// case-insenstive, we lowercase the whole string.
 func NormalizeDN(dn string) (string, error) {
 	parsedDN, err := ldap.ParseDN(dn)
 	if err != nil {
 		return "", fmt.Errorf("DN (%s) parse failure: %w", dn, err)
 	}
-	return parsedDN.String(), nil
+	return strings.ToLower(parsedDN.String()), nil
 }
diff --git a/policy/action.go b/policy/action.go
index 7b3392a..d81f028 100644
--- a/policy/action.go
+++ b/policy/action.go
@@ -206,7 +206,7 @@ const (
 	// PutObjectFanOutAction - PutObject like API action but allows PostUpload() fan-out.
 	PutObjectFanOutAction = "s3:PutObjectFanOut"
 
-	// S3Express CreateSession action
+	// CreateSessionAction - S3Express action
 	CreateSessionAction = "s3express:CreateSession"
 
 	// AllActions - all API actions