doc: Correct description of ldapurl

The ldapurl option doesn't actually support specifying a user name and
password.

Albe Laurenz

1 files changed, 8 insertions, 2 deletions

diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 23c3223736a..d9d14955f0b 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1490,10 +1490,10 @@ omicron         bryanh                  guest1
        <term><literal>ldapurl</literal></term>
        <listitem>
         <para>
-         An RFC 4516 LDAP URL.  This is an alternative way to write most of the
+         An RFC 4516 LDAP URL.  This is an alternative way to write some of the
          other LDAP options in a more compact and standard form.  The format is
 <synopsis>
-ldap://[<replaceable>user</replaceable>[:<replaceable>password</replaceable>]@]<replaceable>host</replaceable>[:<replaceable>port</replaceable>]/<replaceable>basedn</replaceable>[?[<replaceable>attribute</replaceable>][?[<replaceable>scope</replaceable>]]]
+ldap://<replaceable>host</replaceable>[:<replaceable>port</replaceable>]/<replaceable>basedn</replaceable>[?[<replaceable>attribute</replaceable>][?[<replaceable>scope</replaceable>]]]
 </synopsis>
          <replaceable>scope</replaceable> must be one
          of <literal>base</literal>, <literal>one</literal>, <literal>sub</literal>,
@@ -1503,6 +1503,12 @@ ldap://[<replaceable>user</replaceable>[:<replaceable>password</replaceable>]@]<
         </para>
 
         <para>
+         For non-anonymous binds, <literal>ldapbinddn</literal>
+         and <literal>ldapbindpasswd</literal> must be specified as separate
+         options.
+        </para>
+
+        <para>
          To use encrypted LDAP connections, the <literal>ldaptls</literal>
          option has to be used in addition to <literal>ldapurl</literal>.
          The <literal>ldaps</literal> URL scheme (direct SSL connection) is not