From 0b3cb317ba30426f1f20d7bbabf4a40b1057f339 Mon Sep 17 00:00:00 2001
From: Jan Christoph Ebersbach <jceb@e-jc.de>
Date: Fri, 16 Dec 2022 01:23:17 +0100
Subject: [PATCH] docs: correct LDAP DN for token authentication (#1263)

---
 kanidm_book/src/accounts_and_groups.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/kanidm_book/src/accounts_and_groups.md b/kanidm_book/src/accounts_and_groups.md
index e8a2214e4..ea3c6337f 100644
--- a/kanidm_book/src/accounts_and_groups.md
+++ b/kanidm_book/src/accounts_and_groups.md
@@ -219,11 +219,11 @@ kanidm service-account api-token destroy --name admin demo_service 4de2a4e9-e06a
 ```
 
 Api tokens can also be used to gain extended search permissions with LDAP. To do this you can bind
-with a dn of "" (empty string) and provide the api token in the password.
+with a dn of `dn=token` and provide the api token in the password.
 
 ```shell
-ldapwhoami -H ldaps://URL -x -D "" -w "TOKEN"
-ldapwhoami -H ldaps://idm.example.com -x -D "" -w "..."
+ldapwhoami -H ldaps://URL -x -D "dn=token" -w "TOKEN"
+ldapwhoami -H ldaps://idm.example.com -x -D "dn=token" -w "..."
 # u: demo_service@idm.example.com
 ```