From c566cc6b61509312a470fede6b16769c5e4d09b8 Mon Sep 17 00:00:00 2001 From: Aditya Manthramurthy Date: Wed, 9 Oct 2019 23:58:39 -0700 Subject: [PATCH] Fix errors in ldap doc (#8374) --- docs/sts/ldap.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/sts/ldap.md b/docs/sts/ldap.md index 8e0678dbc..eab464154 100644 --- a/docs/sts/ldap.md +++ b/docs/sts/ldap.md @@ -47,10 +47,11 @@ LDAP is configured via the following environment variables: | **MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN** | **NO** | Base DN in AD/LDAP hierarchy to use in search requests | | **MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER** | **NO** | Search filter to find groups of a user | | **MINIO_IDENTITY_LDAP_GROUP_NAME_ATTRIBUTE** | **NO** | Attribute of search results to use as group name | -| **MINIO_IDENTITY_LDAP_STS_EXPIRY_DURATION** | **NO** (default: "1h") | STS credentials validity duration | -| **MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY** | **NO** (default: "false") | Disable TLS certificate verification | +| **MINIO_IDENTITY_LDAP_STS_EXPIRY** | **NO** (default: "1h") | STS credentials validity duration | -Please note that MinIO will only access the AD/LDAP server over TLS. An example setup for development or experimentation: +Please note that MinIO will only access the AD/LDAP server over TLS. If a self-signed certificate is being used, the certificate can be added to MinIO's certificates directory, so it can be trusted by the server. + +An example setup for development or experimentation: ``` shell export MINIO_IDENTITY_LDAP_SERVER_ADDR=myldapserver.com:636 
@@ -58,8 +59,7 @@ export MINIO_IDENTITY_LDAP_USERNAME_FORMAT="uid=${username},cn=accounts,dc=mylda export MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN="dc=myldapserver,dc=com" export MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER="(&(objectclass=groupOfNames)(member=${usernamedn}))" export MINIO_IDENTITY_LDAP_GROUP_NAME_ATTRIBUTE="cn" -export MINIO_IDENTITY_LDAP_STS_EXPIRY_DURATION=60 -export MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY=true +export MINIO_IDENTITY_LDAP_STS_EXPIRY=60 ``` ### Variable substitution in AD/LDAP configuration strings
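Review bot: In the first hunk (@@ -47,10 +47,11 @@), the added sentence "the certificate can be added to MinIO's certificates directory, so it can be trusted by the server" does not say which directory that is or link to the page that documents it. With the MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY row removed from the table in the same hunk, this sentence is the only guidance left for a self-signed LDAP server, so it should name the location or point to the TLS documentation. The rename from MINIO_IDENTITY_LDAP_STS_EXPIRY_DURATION to MINIO_IDENTITY_LDAP_STS_EXPIRY could also be mentioned, so readers who set the old name from the earlier doc know why it is gone.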
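Review bot: In the second hunk (@@ -58,8 +59,7 @@), the example line "export MINIO_IDENTITY_LDAP_STS_EXPIRY=60" carries a bare number with no unit, while the table in the first hunk documents the default as "1h". A reader cannot tell from the doc whether 60 means seconds, minutes or hours, and for a credential validity setting that ambiguity can leave STS credentials valid for far longer or shorter than intended. Suggest writing the example value in the same form as the documented default, or stating the accepted format and unit in the table's description column.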