diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 3837147c40e..d28582b1f61 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -39,9 +39,10 @@
to authenticate against an LDAP server either TLS/SSL or LDAPS
is required. sssd does
not support authentication over an unencrypted channel.
- If the LDAP server is used only as an identity provider, an encrypted
- channel is not needed. Please refer to ldap_access_filter
- config option for more information about using LDAP as an access provider.
+ Even if the LDAP server is used only as an identity provider, an encrypted
+ channel is strongly recommended. Please refer to
+ ldap_access_filter
config option for more information
+ about using LDAP as an access provider.
@@ -925,7 +926,7 @@
true - TLS must be used or the connection
- will fail.
+ will fail. Recommended for security reasons.