@@ -313,12 +313,11 @@ providers with different ``base_dn``. The value of this option must be a valid
313313search string (e.g. ``uid="{username}" ``). The placeholder value will be
314314replaced by the actual username.
315315
316- When this option is used, ``dn_string `` has to be updated accordingly. Following
317- the previous example, if your users have the following two DN:
316+ When this option is used, ``query_string `` will search in the DN specified by ``dn_string ``
317+ and the DN resulted of the ``query_string `` will be used to authenticate the user with
318+ their password. Following the previous example, if your users have the following two DN:
318319``dc=companyA,dc=example,dc=com `` and ``dc=companyB,dc=example,dc=com ``, then
319- ``dn_string `` should be ``dc=example,dc=com ``. If the ``query_string `` option is
320- ``uid="{username}" ``, then the authentication provider can authenticate users
321- from both DN.
320+ ``dn_string `` should be ``dc=example,dc=com ``.
322321
323322Bear in mind that usernames must be unique across both DN, as the authentication
324323provider won't be able to select the correct user for the bind process if more