changeset 468:eb771cbbf410

Incorporated feedback from Daniel Pocock
author MWild1@gmail.com
date Mon, 21 Jul 2014 11:56:43 +0000
parents 739ba93e66f2
children da42de0ae310
files mod_auth_ldap.wiki
diffstat 1 files changed, 8 insertions(+), 3 deletions(-)
--- a/mod_auth_ldap.wiki	Tue Jul 15 16:42:55 2014 +0000
+++ b/mod_auth_ldap.wiki	Mon Jul 21 11:56:43 2014 +0000
@@ -18,15 +18,20 @@
 
 LDAP options are:
 || *Name*        || *Description*                                      || *Default value*  ||
-|| ldap_server   || space-separated list of hostnames or IPs           || "localhost"      ||
+|| ldap_server   || space-separated list of hostnames or IPs, optionally with port numbers (e.g. "localhost:8389") || "localhost"      ||
 || ldap_rootdn   || the distinguished name to auth against             || "" (anonymous)   ||
 || ldap_password || the password                                       || ""               ||
 || ldap_filter   || search filter, with $user and $host substituded for user- and hostname || "(uid=$user)"    ||
 || ldap_scope    || search scope. other values: "base" and "subtree"   || "onelevel"       ||
-|| ldap_tls      || Use TLS to connect to LDAP? (can be true or false) || false            ||
+|| ldap_tls      || Enable TLS (StartTLS) to connect to LDAP (can be true or false). The non-standard 'LDAPS' protocol is not supported. || false            ||
 || ldap_base     || LDAP base directory which stores user accounts     || This is required ||
 || ldap_mode     || How passwords are validated.                       || "getpasswd" if ldap_rootdn is set, "bind" otherwise ||
 
+*Note:*  lua-ldap reads from /etc/ldap/ldap.conf and other files like
+~prosody/.ldaprc if they exist.  Users wanting to use a particular TLS
+root certificate can specify it in the normal way using TLS_CACERT in
+the OpenLDAP config file.
+
 = Modes =
 
 The "getpasswd" mode requires plain text access to passwords in LDAP and
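Review bot: the rewritten ldap_tls row keeps the default at false but does not say what that means for credentials. With TLS off, ldap_password and, in "bind" mode, each user's password cross the network to the LDAP server unencrypted. I would add a sentence to that row recommending ldap_tls = true whenever ldap_server is not localhost. The new Note mentions TLS_CACERT but not whether certificate verification is enforced. Since it already defers to the OpenLDAP config file, it should also name TLS_REQCERT, the setting in that file that controls this. Two smaller points: /etc/ldap/ldap.conf is the Debian-style location (other systems use /etc/openldap/ldap.conf), so "the system ldap.conf" may be safer wording, and the unchanged ldap_filter row still reads "substituded", which could be corrected in the same change.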
@@ -38,4 +43,4 @@
 
 = Compatibility =
 
-|| 0.8 and above || should work ||
+|| 0.8 and above || should work ||
\ No newline at end of file
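Review bot: the Compatibility row is removed and re-added with no visible difference, so this looks like a whitespace-only edit, and the "\ No newline at end of file" marker shows the file still ends without a terminating newline. Either drop this hunk from the changeset or use it to add the final newline so later edits to this row produce clean diffs.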