diff --git a/docs/setup/security/shiro_authentication.md b/docs/setup/security/shiro_authentication.md
index f48783779fe..01f6d0ba08b 100644
--- a/docs/setup/security/shiro_authentication.md
+++ b/docs/setup/security/shiro_authentication.md
@@ -152,17 +152,19 @@ The other more flexible option is to use the LdapRealm. It allows for mapping of
 ldapRealm=org.apache.zeppelin.realm.LdapRealm
 
 ldapRealm.contextFactory.authenticationMechanism=simple
-ldapRealm.contextFactory.url=ldap://localhost:33389
-ldapRealm.userDnTemplate=uid={0},ou=people,dc=hadoop,dc=apache,dc=org
+ldapRealm.contextFactory.url = ldap://localhost:33389
+ldapRealm.userDnTemplate = uid={0},ou=people,dc=hadoop,dc=apache,dc=org
 # Ability to set ldap paging Size if needed default is 100
 ldapRealm.pagingSize = 200
-ldapRealm.authorizationEnabled=true
-ldapRealm.contextFactory.systemAuthenticationMechanism=simple
-ldapRealm.searchBase=dc=hadoop,dc=apache,dc=org
+ldapRealm.authorizationEnabled = true
+ldapRealm.contextFactory.authenticationMechanism = simple
+ldapRealm.searchBase = dc=hadoop,dc=apache,dc=org
 ldapRealm.userSearchBase = dc=hadoop,dc=apache,dc=org
 ldapRealm.groupSearchBase = ou=groups,dc=hadoop,dc=apache,dc=org
-ldapRealm.groupObjectClass=groupofnames
+ldapRealm.groupObjectClass = groupofnames
 # Allow userSearchAttribute to be customized
+# If userSearchAttributeName was configured, Zeppelin would use userObjectClass and userSearchAttributeName to search for an actual user DN
+# Otherwise, memberAttributeValueTemplate would be used to construct the user DN.
 ldapRealm.userSearchAttributeName = sAMAccountName
 ldapRealm.memberAttribute=member
 # force usernames returned from ldap to lowercase useful for AD