diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt
index 17f356c464..2f77308668 100644
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@@ -612,11 +612,11 @@ Gerrit will populate it only from the LDAP data.
 Default is `uid` for RFC 2307 servers,
 and `${sAMAccountName.toLowerCase}` for Active Directory.
 
-[[ldap.accountMemberField]ldap.accountMemberField::
+[[ldap.accountMemberField]]ldap.accountMemberField::
 +
 _(Optional)_ Name of an attribute on the user account object which
-contains the groups the user is part of. Typically used for ActiveDirectory
-servers.
+contains the groups the user is part of. Typically used for Active
+Directory servers.
 +
 Default is unset for RFC 2307 servers (disabled)
 and `memberOf` for Active Directory.
@@ -637,6 +637,17 @@ Scope of the search performed for group objects.  Must be one of:
 +
 Default is `subtree` as many directories have several levels.
 
+[[ldap.groupPattern]]ldap.groupPattern::
++
+Query pattern used when searching for an LDAP group to connect
+to a Gerrit group.  This may be any valid LDAP query expression,
+including the standard `(&...)` and `(|...)` operators.  The variable
+`$\{groupname\}` is replaced with the search term supplied by the
+group owner.
++
+Default is `(cn=$\{groupname\})` for RFC 2307,
+and `(&(objectClass=group)(cn=$\{groupname\}))` for Active Directory.
+
 [[ldap.groupMemberPattern]]ldap.groupMemberPattern::
 +
 Query pattern to use when searching for the groups that a user