author Christopher Speller <crspeller@gmail.com> 2015-12-17 20:35:42 -0500
committer Christopher Speller <crspeller@gmail.com> 2015-12-17 20:35:42 -0500
commit 1e9d45eaa99794ea65e62a9a1cac29b63cd53783 (patch)
tree 47f6442915c383bee3df216a595514e35d2c845e /doc
parent 399504a538c35ec601434e917b84d36f20c1ded6 (diff)
Some docs fixes
Diffstat (limited to 'doc')
-rw-r--r-- doc/install/Configuration-Settings.md 46
-rw-r--r-- doc/install/LDAP-Setup.md 34
2 files changed, 80 insertions, 0 deletions
diff --git a/doc/install/Configuration-Settings.md b/doc/install/Configuration-Settings.md
index 5f9b3b62d..c18012af8 100644
--- a/doc/install/Configuration-Settings.md
+++ b/doc/install/Configuration-Settings.md
@@ -289,6 +289,52 @@ Enter `https://<your-gitlab-url>/oauth/authorize` (example: `https://example.com
```"UserApiEndpoint": ""```
Enter `https://<your-gitlab-url>/oauth/authorize` (example: `https://example.com:3000/api/v3/user`). Use HTTP or HTTPS depending on how your server is configured.
+### LDAP Settings (Enterprise)
+
+Settings used to enable and configure LDAP authentication with Mattermost. Available in the Enterprise version of Mattermost.
+
+```"Enable Login With LDAP": "false"```
+When true, Mattermost allows login using LDAP.
+
+```“LDAP Server”: “”```
+The domain or IP address of the LDAP server.
+
+```“LDAP Port”: “389”```
+The port Mattermost will use to connect to the LDAP server. Default is 389.
+
+```”BaseDN”: ””```
+The Base DN is the Distinguished Name of the location where Mattermost should start its search for users in the LDAP tree.
+
+```”Bind Username”: ””```
+The username used to perform the LDAP search. This should typically be an account created specifically for use with Mattermost. It should be a read only account with access limited to the portion of the LDAP tree specified in the BaseDN field.
+
+```”Bind Password”: ””```
+Password of the user given in “Bind Username”.
+
+```”First Name Attribute”: ””```
+The attribute in the LDAP server that will be used to populate the first name of users in Mattermost.
+
+```”Last Name Attribute”: ””```
+The attribute in the LDAP server that will be used to populate the last name of users in Mattermost.
+
+```”Email Attribute”: ””```
+The attribute in the LDAP server that will be used to populate the email addresses of users in Mattermost.
+
+```”Username Attribute”: ””```
+The attribute in the LDAP server that will be used to populate the username field in Mattermost. This may be the same as the ID Attribute.
+
+```”ID Attribute”: ””```
+
+The attribute in the LDAP server that will be used as a unique identifier in Mattermost.
+
+This is the attribute that will be used to create Mattermost accounts. It should be an LDAP attribute with a value that does not change, such as username or uid. If a user’s Id Attribute changes, it will create a new Mattermost account unassociated with their old one.
+
+This is also the value used to log in to Mattermost in the “LDAP Username” field on the sign in page. Normally this attribute is the same as the “Username Attribute” field above. If your team typically uses domain\username to sign in to other services with LDAP, you may choose to put domain\username in this field to maintain consistency between sites.
+
+```”Query Timeout (seconds)”: ”60”```
+
+The timeout value for queries to the LDAP server. Increase this value if you are getting timeout errors caused by a slow LDAP server.
+
## Config.json Settings Not in System Console
System Console allows an IT Admin to update settings defined in `config.json`. However there are a number of settings in `config.json` unavailable in the System Console and require update from the file itself. We describe them here:
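Review bot: The setting lines from `“LDAP Server”` through `”Query Timeout (seconds)”` use typographic quotes (several even open with a closing ”), while `"Enable Login With LDAP"` and the existing `"UserApiEndpoint"` entry use straight quotes; anyone copying these into `config.json` gets invalid JSON, so please switch them to ASCII `"`. The names also read like System Console labels (spaces, parentheses) rather than keys in the style of `"UserApiEndpoint"`, so it is worth confirming they match the real keys. On the security side, the LDAP Port entry gives 389 as the default but nothing in this section says whether the connection is encrypted; the Bind Password and every user's login credentials travel over that connection, so the section should state what transport security is available and how to turn it on. It would also help to say that the Bind Password ends up in the configuration file and that the file should be readable only by the Mattermost service account. Smaller points: the ID Attribute description spells it "Id Attribute", it offers "username" as an example of a value that does not change even though the same paragraph warns that a changed value creates a new, unassociated account, and the blank line after the setting line is used only for the last two entries.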
diff --git a/doc/install/LDAP-Setup.md b/doc/install/LDAP-Setup.md
new file mode 100644
index 000000000..a619e645e
--- /dev/null
+++ b/doc/install/LDAP-Setup.md
@@ -0,0 +1,34 @@
+## LDAP Setup
+
+LDAP authentication is available in the Enterprise version of Mattermost.
+### How to enable LDAP
+
+After installing Mattermost:
+
+1. Create a team using email authentication
+ - Note: The first account used to create a team will be the “System Administrator” account, used to configure settings for your Mattermost site
+ 3. Go to Main Menu (the three dots near your team name in the top left of your screen) > **System Console**
+ 4. Go to LDAP Settings
+ 5. Fill in the fields to set up Mattermost authentication with your LDAP server
+
+ After LDAP has been enabled, users should be able to go to your Mattermost site and sign in using their LDAP credentials. The “LDAP username” will be the attribute set in the “Id Attribute” field.
+
+ **Note: In the initial implementation of LDAP, if a user attribute changes on the LDAP server it will be updated the next time the user enters their credentials to log in to Mattermost. This includes if a user is made inactive or removed from an LDAP server. Synchronization with LDAP servers is planned in a future release.**
+
+### Switching System Administrator account to LDAP authentication
+
+If you would like to switch your System Administrator account to LDAP authentication, it is recommended you do the following:
+
+1. Create a new account using LDAP
+ - Note: If your LDAP credentials use the same email address as your System Administrator account, it is recommended you change the email on your System Administrator account by going to Main Menu -> Account Settings -> General -> Email. This will free up the email address so it can be used by the LDAP account.
+ 2. Sign in to your email based System Administrator account
+ 3. Navigate to the System Console
+ 4. Go to Teams -> Team Name -> Users, and find your new LDAP user account
+ 5. Promote your LDAP account to “System Administrator” using the dropdown menu beside the username
+ 6. Log in with your LDAP account
+ 7. Navigate to the System Console
+ 8. Go to Teams -> Team Name -> Users, and find your old email based System Administrator account
+ 9. Make the email account “Inactive” using the dropdown beside the username
+
+ **Note: If you make the email account inactive without promoting another account to System Administrator, you will lose your System Administrator privileges. This can be fixed by promoting another account to System Administrator using the command line.**
+
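Review bot: The bold note after the first list says that a user who is made inactive or removed on the LDAP server is only updated the next time they enter their credentials; as written, that implies someone who is already signed in keeps access after being deprovisioned in LDAP. Please add a sentence telling admins how to cut off access in that case, for example by marking the account "Inactive" in the System Console, as step 9 of the second procedure does for the old administrator account. Formatting: the first list jumps from step 1 to step 3, and in both lists the items after step 1 are indented by one space, so the numbering is unlikely to render as intended. The closing note says privileges can be restored "using the command line" without naming the command or linking to where it is documented, which is the detail a locked-out admin will need. The field is called "Id Attribute" here and "ID Attribute" in Configuration-Settings.md; pick one.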