diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0777d7740fbf2b5e2ac0c71142405377dfa9af1e..4816d89dd2cb332191014d7d52aa068ba5a7d326 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,14 +11,29 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+* `misc/pam_authentication/ldap.conf` is not used for configuring the
+  `ldap_authentication.sh` script anymore.
+  Use `misc/pam_authentication/ldap.env` instead and view the documentation
+  inside the file itself for more information.
+
 ### Deprecated
 
 ### Removed
 
 ### Fixed
 
+* `ldap_authentication.sh <username>` failed on every attempt when used in
+  combination with OpenLDAP with default configuration.
+* `ldap_authentication.sh` allowed empty and even wrong passwords when used in
+  combination with MS Active Directory when AD is configured to allow binding
+  with an empty password.
+
 ### Security
 
+* `ldap_authentication.sh` allowed empty and even wrong passwords when used in
+  combination with MS Active Directory when AD is configured to allow binding
+  with an empty password. This is only relevant for non-default configurations
+  of the `PAM.pam_script` option in the `usersources.ini`.
 
 ## [0.7.2] - 2022-03-25
 (Timm Fitschen)