diff --git a/app/controllers/auth/ldap/LDAPAuthConfig.scala b/app/controllers/auth/ldap/LDAPAuthConfig.scala
index 6e31fad9..3463c34b 100644
--- a/app/controllers/auth/ldap/LDAPAuthConfig.scala
+++ b/app/controllers/auth/ldap/LDAPAuthConfig.scala
@@ -21,9 +21,9 @@ class LDAPAuthConfig(config: Configuration) extends AuthConfig {
 LDAPGroupSearchConfig(
 bindDN,
 bindPwd,
- groupAuthConfig.getOptional[String]("base-dn").getOrElse(baseDN),
+ groupAuthConfig.getOptional[String]("base-dn"),
 getSetting("user-attr")(groupAuthConfig),
- groupAuthConfig.getOptional[String]("user-attr-template").getOrElse(userTemplate),
+ groupAuthConfig.getOptional[String]("user-attr-template"),
 group
 )
 }
diff --git a/conf/application.conf b/conf/application.conf
index 3d8f3262..c93e50d1 100644
--- a/conf/application.conf
+++ b/conf/application.conf
@@ -47,12 +47,11 @@ auth = {
 bind-dn = ${?LDAP_BIND_DN}
 bind-pw = ${?LDAP_BIND_PWD}
 group-search {
- // If left unset parent's base-dn will be used
+ // OpenLDAP might be something like "ou=People,dc=domain,dc=com"
 base-dn = ${?LDAP_GROUP_BASE_DN}
 // Attribute that represent the user, for example uid or mail
 user-attr = ${?LDAP_USER_ATTR}
 // Define a separate template for user-attr
- // If left unset parent's user-template will be used
 user-attr-template = ${?LDAP_USER_ATTR_TEMPLATE}
 // Filter that tests membership of the group. If this property is empty then there is no group membership check
 // AD example => memberOf=CN=mygroup,ou=ouofthegroup,DC=domain,DC=com
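Review bot: The two `getOptional[String]` arguments to `LDAPGroupSearchConfig` now pass an `Option[String]` with no fallback to `baseDN` / `userTemplate`, and nothing in this hunk shows what the group search does when either is `None`. Because `${?LDAP_GROUP_BASE_DN}` and `${?LDAP_USER_ATTR_TEMPLATE}` leave the key unset when the environment variable is missing, `None` becomes the normal case for deployments that relied on the old fallback. The group search gates who is allowed in, so the handling of `None` should be explicit and must not silently widen who passes the membership check (for instance by searching from an empty base). I would record that contract at the call site, e.g. `// None = not configured: no fallback to the parent base-dn / user-template; see the group-search code for how a missing value is handled`. The enclosing class and method start and end outside the hunk, and the definition of `LDAPGroupSearchConfig` is not visible here.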
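Review bot: The comments on `base-dn` and `user-attr-template` no longer say what an unset value means, now that the two lines about inheriting the parent's settings are removed. Since `${?...}` leaves the key undefined when the environment variable is absent, an operator upgrading with only the parent `base-dn` set cannot tell from this file whether the group membership check still runs as before. I would state the new behaviour next to each key, for example `// No longer inherits the parent's base-dn; when unset, <behaviour of the group search>`, filled in from the consuming code. The `group-search` block continues past the end of the hunk.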