diff --git a/misc/pam_authentication/ldap.env b/misc/pam_authentication/ldap.env
index c40018c26735c3c7e65679b8269e5d1a40612bba..958b3c62253d558e16b92815e8dc2e99e6e5dfe1 100644
--- a/misc/pam_authentication/ldap.env
+++ b/misc/pam_authentication/ldap.env
@@ -11,10 +11,9 @@ export LDAPURI="ldap[s]://<ldap-service>[:<port>]/"
 export USER_BASE="dc=example,dc=org" # for actual LDAP servers
 #export USER_BASE="example.org" # for MS Active Directory
 
-# REQUIRED if USER_BASE is configured for LDAP servers. The BIND_DN_PATTERN is
-# used to construct the DN from the USER_NAME and the USER_BASE. Be sure to
-# surround it with single quotation marks "'" because the variable are to be
-# expanded by the script. Defaults to the first
+# The BIND_DN_PATTERN is used to construct the DN from the USER_NAME and the
+# USER_BASE. Be sure to surround it with single quotation marks "'" because the
+# variable are to be expanded by the script. Defaults to the first
 #export BIND_DN_PATTERN='cn=${USER_NAME},${USER_BASE}' # for actual LDAP servers.
 #export BIND_DN_PATTERN='${USER_NAME}@${USER_BASE}' # for MS Active Directory
 
@@ -28,7 +27,7 @@ export USER_BASE="dc=example,dc=org" # for actual LDAP servers
 #export LDAPTLS_REQCERT=never
 #export LDAPTLS_REQCERT=allow
 #export LDAPTLS_REQCERT=try
-export LDAPTLS_REQCERT=hard
+#export LDAPTLS_REQCERT=hard
 
 # Specifies the file that contains certificates for all of the Certificate
 # Authorities the client will recognize.