From cb654da3fcca31e675727b27dd1356fbc191ab9f Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Mon, 15 Oct 2012 17:49:24 +0000
Subject: [PATCH] lamdaemon update

---
 lam/docs/manual-sources/howto.xml | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml
index 8fa8b1a3..87ca58dc 100644
--- a/lam/docs/manual-sources/howto.xml
+++ b/lam/docs/manual-sources/howto.xml
@@ -5612,6 +5612,14 @@ Run slapindex to rebuild the index.
 
       <para>This needs to be the public part of the signing certificate
       authority. See "man ldap.conf" for additional options.</para>
+
+      <literallayout>
+</literallayout>
+
+      <para>You may also need to specify the CA certificate in your Apache
+      configuration by using the option "LDAPTrustedGlobalCert":</para>
+
+      <programlisting>LDAPTrustedGlobalCert /etc/ldap/ca/myCA/cacert.pem</programlisting>
     </section>
 
     <section>
@@ -5829,9 +5837,16 @@ Run slapindex to rebuild the index.
           account must be accepted by the SSH daemon of your home directory
           server. Do not create a second local account but change your system
           to accept LDAP users. You can use LAM to add the Unix account part
-          to your admin user.</para>
+          to your admin user or create a new account. Please do not forget to
+          setup LDAP write access (ACLs) if you create a new account.</para>
         </listitem>
       </itemizedlist>
+
+      <para><emphasis role="bold">OpenLDAP ACL location:</emphasis></para>
+
+      <para>The access rights for OpenLDAP are configured in
+      /etc/ldap/slapd.conf or
+      /etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif. </para>
     </section>
 
     <section>