diff -r 4ebfdf607b49 -r 2ad148f22c2f doc/book/admin/ldap.rst
--- a/doc/book/admin/ldap.rst	Tue Feb 25 23:30:32 2020 +0100
+++ b/doc/book/admin/ldap.rst	Tue Feb 25 23:31:30 2020 +0100
@@ -83,6 +83,8 @@
 * `data-cnx-password`, password to use to open data connection to the
   ldap (eg used to respond to rql queries)
 
+* `start-tls`, starting TLS before bind (valid values: "true", "false")
+
 If the LDAP server accepts anonymous binds, then it is possible to
 leave data-cnx-dn and data-cnx-password empty. This is, however, quite
 unlikely in practice. Beware that the LDAP server might hide attributes