Product Technical Learning / PTL-11073

ch03s04: Developer user in IPA results in a confusing period in ocp full name


    • Bug
    • Resolution: Done
    • Minor
    • DO280 - OCP4.12-en-3-20231130
    • DO280
    • None
    • DO280 Sprint 1

      Please fill in the following information:


      URL: https://role.rhu.redhat.com/rol-rhu/app/courses/do280-4.12/pages/ch03s04
      Reporter RHNID: rhn-support-ablum
      Section title: Guided Exercise: Define and Apply Permissions with RBAC
      Language: EN                                                                      

      Issue description

      `oc get groups` produces a list of the ocp groups, including those synced from the LDAP-backed IPA server on idm.ocp4.example.com. The developer's cn looks like this:

      [student@idm ~]$ ldapsearch -x -D "uid=admin,cn=users,cn=accounts,dc=ocp4,dc=example,dc=com" -W -b "cn=users,cn=accounts,dc=ocp4,dc=example,dc=com" -h idm.ocp4.example.com -s sub "(uid=developer)" cn

      # developer, users, accounts, ocp4.example.com
      dn: uid=developer,cn=users,cn=accounts,dc=ocp4,dc=example,dc=com
      cn: . developer

      The OAuth configuration included uses the cn to present this string as the name in various places.

      Consider the groups output like:

      [student@workstation ~]$ oc get groups ocpdevs -o jsonpath='{.users[0]}{"\n"}'
      . developer

      Also visible when logging into the web console (see screenshot) and in screenshots found in the coursebook (see step 4.5 in the GE).

      Workaround:

      Ignore the misleading . in the developer's CN. Questions I've received from learners on this include "Is that period there to act as a wildcard to include other LDAP users?" and "Why does the developer user have a period in their name and not the admin user?" The only workaround I have is to explain the backend configuration in IPA.

      Expected result:

      The CN for developer should only use alphanumeric strings (i.e., avoid periods, asterisks, etc.). Consider that for the admin user the cn is "Administrator". So, maybe use "Developer".

            rht-mordonez Maria Ordonez Casado
            rhn-support-ablum Andrew Blum
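An added example, not part of the original report or the course materials: a check over `ldapsearch` LDIF output that flags every `cn` that is not made of plain alphanumeric words, which is the rule the expected result asks for. The regular expression is one assumed reading of that rule, and the sample entries (including the `ops` user with a base64-encoded `cn`) are constructed for illustration.

```python
import base64
import re

# Assumed reading of "only alphanumeric strings": words joined by single spaces.
CN_RULE = re.compile(r"[A-Za-z0-9]+( [A-Za-z0-9]+)*")

# Constructed sample in the LDIF shape ldapsearch prints; not captured from the lab.
SAMPLE_LDIF = """\
# developer, users, accounts, ocp4.example.com
dn: uid=developer,cn=users,cn=accounts,dc=ocp4,dc=example,dc=com
cn: . developer

# admin, users, accounts, ocp4.example.com
dn: uid=admin,cn=users,cn=accounts,dc=ocp4,dc=example,dc=com
cn: Administrator

# ops, users, accounts, ocp4.example.com
dn: uid=ops,cn=users,cn=accounts,dc=ocp4,dc=example,
 dc=com
cn:: IG9wcw==
"""

def parse_ldif(text):
    """Return one {attr: [values]} dict per entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line:
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):          # LDIF comment
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: <base64>" hides leading spaces etc.
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.lstrip(" ")
        current.setdefault(attr.lower(), []).append(value)
    return entries

def audit_cn(text):
    """Return (dn, cn) pairs whose cn breaks CN_RULE."""
    return [(e.get("dn", ["?"])[0], cn) for e in parse_ldif(text)
            for cn in e.get("cn", []) if not CN_RULE.fullmatch(cn)]

if __name__ == "__main__":
    for dn, cn in audit_cn(SAMPLE_LDIF):
        print(f"{dn}: cn={cn!r}")
```

Decoding the `cn::` form matters because a value with a leading space is emitted base64-encoded and would pass unnoticed in a plain text search of the output.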