diff --git a/source/java/org/alfresco/rest/api/impl/PeopleImpl.java b/source/java/org/alfresco/rest/api/impl/PeopleImpl.java
index cc5ab4361d..cf3e5a589b 100644
--- a/source/java/org/alfresco/rest/api/impl/PeopleImpl.java
+++ b/source/java/org/alfresco/rest/api/impl/PeopleImpl.java
@@ -511,6 +511,7 @@ public class PeopleImpl implements People
 
 	private void validateCreatePersonData(Person person)
 	{
+        validateUsername(person.getUserName());
         validateNamespaces(person.getAspectNames(), person.getProperties());
 		checkRequiredField("id", person.getUserName());
 		checkRequiredField("firstName", person.getFirstName());
@@ -518,6 +519,19 @@ public class PeopleImpl implements People
 		checkRequiredField("password", person.getPassword());
 	}
 
+    private void validateUsername(String username)
+    {
+        if (username.length() > 100)
+        {
+            throw new InvalidArgumentException("Username is too long.");
+        }
+
+        if (username.indexOf('/') != -1)
+        {
+            throw new IllegalArgumentException("Username contains characters that are not permitted.");
+        }
+    }
+
     private void validateNamespaces(List<String> aspectNames, Map<String, Object> properties)
     {
         if (aspectNames != null)
diff --git a/source/test-java/org/alfresco/rest/api/tests/TestPeople.java b/source/test-java/org/alfresco/rest/api/tests/TestPeople.java
index dfcd96cc35..73df582d29 100644
--- a/source/test-java/org/alfresco/rest/api/tests/TestPeople.java
+++ b/source/test-java/org/alfresco/rest/api/tests/TestPeople.java
@@ -289,8 +289,18 @@ public class TestPeople extends EnterpriseTestApi
         assertEquals("userStatus", p.getUserStatus());
         assertEquals(true, p.isEnabled());
         assertEquals(true, p.isEmailNotificationsEnabled());
+
+        // -ve tests
+        // create person with username too long
+        person.setUserName("myUserName11111111111111111111111111111111111111111111111111111111111111111111111111111111@" + account1.getId());
+        people.create(person, 400);
+
+        // create person with special character '/'
+        person.setUserName("myUser/Name@" + account1.getId());
+        people.create(person, 400);
+
     }
-    
+
     @Test
     public void testCreatePerson_canCreateDisabledPerson() throws PublicApiException
     {
@@ -703,7 +713,7 @@ public class TestPeople extends EnterpriseTestApi
         assertTrue(person.getAspectNames().contains("papi:dessertable"));
         return person;
     }
-    
+
     @Test
     public void testUpdatePerson_withCustomProps() throws Exception
     {