diff --git a/docs/modules/conf/examples/gateway.ini b/docs/modules/conf/examples/gateway.ini index 13bb9c36..39ef7585 100644 --- a/docs/modules/conf/examples/gateway.ini +++ b/docs/modules/conf/examples/gateway.ini @@ -191,6 +191,16 @@ group_object_classes= posixGroup groupOfNames +# Lookup user DN in the scope of user base subtree. If disable, LDAP +# directory is not requested to search for the user in the subtree before +# authentication, and the user DN are considered to be in the form of +# `{user_name_attribute}=,{user_base}` (ex: +# `uid=,ou=people,dc=example,dc=org`). This notably implies all +# users entries to be at the first level under the user base in the tree. +# +# Default value: yes +lookup_user_dn=yes + # DN used to bind to the LDAP server. When this parameter is not defined, # access to LDAP directory is performed anonymously. bind_dn=cn=system,ou=people,dc=example,dc=org diff --git a/docs/modules/conf/partials/conf-gateway.adoc b/docs/modules/conf/partials/conf-gateway.adoc index 988bd815..c43abd4c 100644 --- a/docs/modules/conf/partials/conf-gateway.adoc +++ b/docs/modules/conf/partials/conf-gateway.adoc @@ -447,6 +447,23 @@ _No default value_ * `groupOfNames` +|- + +|lookup_user_dn +|bool +|Lookup user DN in the scope of user base subtree. If disable, LDAP +directory is not requested to search for the user in the subtree before +authentication, and the user DN are considered to be in the form of +`{user_name_attribute}=,{user_base}` (ex: +`uid=,ou=people,dc=example,dc=org`). This notably implies all +users entries to be at the first level under the user base in the tree. + + + + + +*Default:* `True` + |- |bind_dn
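Review bot: in the gateway.ini comment for `lookup_user_dn`, the DN template `{user_name_attribute}=,{user_base}` and its example `uid=,ou=people,dc=example,dc=org` show nothing between the `=` and the comma, so a reader cannot tell where the login goes. Add an explicit placeholder for the user name in both. The wording also needs a pass: "If disable" should be "If disabled", "the user DN are considered" should be "the user DN is assumed", and "all users entries" should be "all user entries". Since with this setting off the DN is assembled from the template rather than returned by a directory search, the comment should also state whether the login is escaped before it is placed in the DN, and what an administrator should expect for entries that sit deeper than the first level under the user base (authentication failure, as the last sentence implies, is worth saying outright).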
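Review bot: in the conf-gateway.adoc row for `lookup_user_dn`, the default is written as `True` while the gateway.ini example in the same patch documents it as `Default value: yes`. Use one spelling, or say that both are accepted, so the reference table and the example file agree. The description cell carries the same empty value in `{user_name_attribute}=,{user_base}` and the same "If disable" / "user DN are considered" wording as the ini comment, so both places should be fixed together. The run of added lines that appear empty between the description and `*Default:*` looks unintended. Keep a single blank line if a paragraph break inside the cell is wanted.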