diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
index a53a3c41bfc74064443f70970ac44d1fece7b472..3d7831293d6a8403258a187912deb7709f5a75a1 100644
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -238,7 +238,10 @@ Specify the DN of an entry that is not subject to access control
 or administrative limit restrictions for operations on this database.
 .TP
 .B rootpw <password>
-Specify a password for the rootdn.
+Specify a password (or hash of the password) for the rootdn.
+This option accepts all password formats known to the server
+including \fB{SHA}\fP, \fB{MD5}\fP, \fB{CRYPT}\fP, and cleartext.  
+Cleartext passwords are not recommended.
 .TP
 .B suffix <dn suffix>
 Specify the DN suffix of queries that will be passed to this 
diff --git a/libraries/libldap/ldap.conf b/libraries/libldap/ldap.conf
index b3d3a6646dc8ed38d62b12b00b4530b3b197c3a5..28ca7f5d76c4c3a9a2b9500bc4bd35a977d84bcc 100644
--- a/libraries/libldap/ldap.conf
+++ b/libraries/libldap/ldap.conf
@@ -2,6 +2,9 @@
 # LDAP Defaults
 #
 
+# See ldap.conf(5) for details
+# This file should be world readable.
+
 BASE	dc=OpenLDAP, dc=Org
 HOST	ldap.openldap.org
 
diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf
index 901e5693826523cac78d806c99ebc31a9789833c..80e121d3008b505f0351e3db447770197f852353 100644
--- a/servers/slapd/slapd.conf
+++ b/servers/slapd/slapd.conf
@@ -1,3 +1,7 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
 include		%SYSCONFDIR%/slapd.at.conf
 include		%SYSCONFDIR%/slapd.oc.conf
 schemacheck	off
@@ -14,3 +18,5 @@ directory	/usr/tmp
 rootdn		"cn=root, dc=your-domain, dc=com"
 #rootdn		"cn=root, o=Your Organization Name, c=US"
 rootpw		secret
+# cleartext passwords, especially for the rootdn, should
+# be avoid.  See slapd.conf(5) for details.