diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 23c3223736..d9d14955f0 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1490,10 +1490,10 @@ omicron bryanh guest1
ldapurl
- An RFC 4516 LDAP URL. This is an alternative way to write most of the
+ An RFC 4516 LDAP URL. This is an alternative way to write some of the
other LDAP options in a more compact and standard form. The format is
-ldap://[user[:password]@]host[:port]/basedn[?[attribute][?[scope]]]
+ldap://host[:port]/basedn[?[attribute][?[scope]]]
scope must be one
of base, one, sub,
@@ -1502,6 +1502,12 @@ ldap://[user[:password]@]<
not supported.
+
+ For non-anonymous binds, ldapbinddn
+ and ldapbindpasswd must be specified as separate
+ options.
+
+
To use encrypted LDAP connections, the ldaptls
option has to be used in addition to ldapurl.