diff --git a/src/docbkx/appendix-namespace.xml b/src/docbkx/appendix-namespace.xml
index 17840c772b..bfc7a51afa 100644
--- a/src/docbkx/appendix-namespace.xml
+++ b/src/docbkx/appendix-namespace.xml
@@ -577,19 +577,64 @@
- The <ldap-provider> Element
+ The <ldap-provider> Element
This element is shorthand for the creation of an LdapAuthenticationProvider instance.
-
+ By default this will be configured with a BindAuthenticator instance and a
+ DefaultAuthoritiesPopulator.
+
+
+ The user-dn-pattern Attribute
+
+ If your users are at a fixed location in the directory (i.e. you can work out the DN
+ directly from the username without doing a directory search), you can use this attribute
+ to map directly to the DN. It maps directly to the userDnPatterns
+ property of AbstractLdapAuthenticator.
+
+
+
+
+ The user-search-base and user-search-filter Attributes
+
+ If you need to perform a search to locate the user in the directory, then you
+ can set these attributes to control the search. The BindAuthenticator will be configured
+ with a FilterBasedLdapUserSearch and the attribute values map directly to the first two
+ arguments of that bean's constructor. If these attributes aren't set and no user-dn-pattern
+ has been supplied as an alternative, then the default search values of user-search-filter="(uid={0})"
+ and user-search-base="" will be used.
+
+
+
+ group-search-filter, group-search-base, group-role-attribute and role-prefix Attributes
+
+ The value of group-search-base is mapped to the groupSearchBase constructor argument
+ of DefaultAuthoritiesPopulator and defaults to "ou=groups". The default filter value is
+ "(uniqueMember={0})", which assumes that the entry is of type "groupOfUniqueNames". group-role-attribute
+ maps to the groupRoleAttribute attribute and defaults to "cn". Similarly role-prefix
+ maps to rolePrefix and defaults to "ROLE_".
+
+
+
+ The <password-compare> Element
+
+ This is used as child element to <ldap-provider> and switches
+ the authentication strategy from BindAuthenticator to
+ PasswordComparisonAuthenticator. This can optionally be supplied with a
+ hash attribute or with a child <password-encoder>
+ element to hash the password before submitting it to the directory for comparison.
+
+
+
+
+ The <ldap-user-service> Element
+
+ This element configures an LDAP UserDetailsService. The class used
+ is LdapUserDetailsService which is a combination of a FilterBasedLdapUserSearch
+ and a DefaultAuthoritiesPopulator. The attributes it supports have the same usage as in
+ <ldap-provider>.
-
-
-
-
-
-
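Review bot: The paragraph under "group-search-filter, group-search-base, group-role-attribute and role-prefix Attributes" gives a default for the filter but never names group-search-filter in the body or says which DefaultAuthoritiesPopulator property it maps to, unlike the other three attributes. It also never says what {0} is replaced with. The same placeholder appears in user-search-filter="(uid={0})" and in "(uniqueMember={0})", and a reader cannot tell from this text whether the substituted value is the login name or the user's DN in each case. Suggest one sentence per filter stating the substitution, and changing "the groupRoleAttribute attribute" to "property" so it is not confused with the XML attribute. In the user-search paragraph, it would help to say what the default user-search-base="" means for search scope, since an empty base paired with a uid filter is the fallback whenever nothing is configured. In the <password-compare> paragraph, "can optionally be supplied with a hash attribute" leaves open what is sent to the directory when neither hash nor <password-encoder> is given, and which directory attribute the comparison is made against; both are worth stating explicitly. Minor: the user-dn-pattern paragraph uses "map directly" / "maps directly" in consecutive sentences with two different meanings (username to DN, then attribute to property); rewording the second avoids the ambiguity.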