Cert LDAP authentication with principal Name

Hello,

I have finally given up trying to authenticate client certificates to CONNECTRA R62 with an LDAP user group using Other Name: Principal Name instead of the CN field in the third-party user certificate.

The Checkpoint KB recommends changing certUsePrincipalName from (false) to (true) in $CVPNIR/conf/cvpnd.C and defining :UserLoginAttr (userPrincipalName) in $FWDIR/conf/objects_5_0.C within the Microsoft_AD LDAP object. It seems not to change the way Connectra looks up the certificate fields, and I can still see reject records in the log with references to the user's CN from the certificate.

Everything works well with LDAP username/password authentication.

Any ideas would be highly appreciated.