From 00af9881b06cbbaecb66b2958453e082927b4761 Mon Sep 17 00:00:00 2001
From: Aditya Manthramurthy <donatello@users.noreply.github.com>
Date: Tue, 12 Jan 2021 15:44:31 -0800
Subject: [PATCH] LDAP doc fix: remove repeated paragraph and add emphasis
 (#11266)

---
 docs/sts/ldap.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/docs/sts/ldap.md b/docs/sts/ldap.md
index 141df8065..14a11d26d 100644
--- a/docs/sts/ldap.md
+++ b/docs/sts/ldap.md
@@ -37,8 +37,6 @@ LDAP configuration is designed to be simple for the MinIO administrator. The ful
 
 MinIO can be configured to find the groups of a user from AD/LDAP by specifying the **MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER** and **MINIO_IDENTITY_LDAP_GROUP_NAME_ATTRIBUTE** environment variables. When a user logs in via the STS API, the MinIO server queries the AD/LDAP server with the given search filter and extracts the given attribute from the search results. These values represent the groups that the user is a member of. On each access MinIO applies the IAM policies attached to these groups in MinIO.
 
-MinIO sends LDAP credentials to LDAP server for validation. So we _strongly recommend_ to use MinIO with AD/LDAP server over TLS or StartTLS _only_. Using plain-text connection between MinIO and LDAP server means _credentials can be compromised_ by anyone listening to network traffic.
-
 LDAP is configured via the following environment variables:
 
 ```
@@ -61,7 +59,7 @@ MINIO_IDENTITY_LDAP_SERVER_INSECURE          (on|off)    allow plain text connec
 MINIO_IDENTITY_LDAP_COMMENT                  (sentence)  optionally add a comment to this setting
 ```
 
-MinIO sends LDAP credentials to LDAP server for validation. So we _strongly recommend_ to use MinIO with AD/LDAP server over TLS or StartTLS _only_. Using plain-text connection between MinIO and LDAP server means _credentials can be compromised_ by anyone listening to network traffic.
+**MinIO sends LDAP credentials to LDAP server for validation. So we _strongly recommend_ to use MinIO with AD/LDAP server over TLS or StartTLS _only_. Using plain-text connection between MinIO and LDAP server means _credentials can be compromised_ by anyone listening to network traffic.**
 
 If a self-signed certificate is being used, the certificate can be added to MinIO's certificates directory, so it can be trusted by the server. An example setup for development or experimentation: