diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index 3837147c40e..d28582b1f61 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -39,9 +39,10 @@ to authenticate against an LDAP server either TLS/SSL or LDAPS is required. sssd does not support authentication over an unencrypted channel. - If the LDAP server is used only as an identity provider, an encrypted - channel is not needed. Please refer to ldap_access_filter - config option for more information about using LDAP as an access provider. + Even if the LDAP server is used only as an identity provider, an encrypted + channel is strongly recommended. Please refer to + ldap_access_filter config option for more information + about using LDAP as an access provider. @@ -925,7 +926,7 @@ true - TLS must be used or the connection - will fail. + will fail. Recommended for security reasons.