diff --git a/_security-plugin/configuration/ldap.md b/_security-plugin/configuration/ldap.md
index 294e3fd1..376f3ae5 100755
--- a/_security-plugin/configuration/ldap.md
+++ b/_security-plugin/configuration/ldap.md
@@ -431,9 +431,11 @@ rolesearch_enabled: false
 
 By default, the security plugin reads all LDAP user attributes and makes them available for index name variable substitution and DLS query variable substitution. If your LDAP entries have a lot of attributes, you might want to control which attributes should be made available. The fewer the attributes, the better the performance.
 
+Note that this setting is made in the authentication `authc` section of the config.yml file.
+
 Name | Description
 :--- | :---
-`custom_attr_whitelist`  | String array. Specifies the LDAP attributes that should be made available for variable substitution.
+`custom_attr_allowlist`  | String array. Specifies the LDAP attributes that should be made available for variable substitution.
 `custom_attr_maxval_len`  | Integer. Specifies the maximum allowed length of each attribute. All attributes longer than this value are discarded. A value of `0` disables custom attributes altogether. Default is 36.
 
 Example:
@@ -446,7 +448,7 @@ authc:
     authentication_backend:
       type: ldap
       config:
-        custom_attr_whitelist:
+        custom_attr_allowlist:
           - attribute1
           - attribute2
         custom_attr_maxval_len: 36