diff --git a/matrix/synapse/README.md b/matrix/synapse/README.md
index fa8482b..1e9f4ef 100644
--- a/matrix/synapse/README.md
+++ b/matrix/synapse/README.md
@@ -314,9 +314,13 @@ password_providers:
       base: "ou=users,o=Example,dc=example,dc=com"
       attributes:
          uid: "uid"
-         mail: "email"
-         name: "givenName"
+         mail: "mail"
+         name: "cn"
       filter: "(&(objectClass=posixAccount)(accountStatus=active))"
+
+      mode: "search"
+      bind_dn: "cn=matrix,ou=service,o=Example,dc=example,dc=com"
+      bind_password: "<very secure password>"
 ```
 
 This would connect to ldap.example.com over TLS, and authenticate users that
@@ -324,6 +328,12 @@ live under `ou=users,o=Example,dc=example,dc=com` and that are active Posix
 accounts. Users will not be able to change their passwords via Matrix, they
 have to do that in LDAP.
 
+The bottom 3 lines enable search mode, necessary to find users' displayname
+and e-mail address. These values are in LDAP under the attributes "mail" and
+"cn" (completely dependent on your LDAP DIT of course, this setup is common
+for OpenLDAP). The bind_dn and bind_password are for the account Synapse can
+use to connect and search, necessary if anonymous access is prohibited.
+
 
 # Server configuration {#serverconfig}
 
@@ -365,7 +375,31 @@ ip_range_blacklist:
   - 'fec0::/10'
 
 filter_timeline_limit: 500
+delete_stale_devices_after: 1y
 ```
 
 These should be reasonable defaults, but do check the [Server block](https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#server)
 in Synapse's documentation for more options and information.
+
+
+# Registration {#Registration}
+
+Registration of new users is configured under `conf.d/registration.yaml`:
+
+```
+enable_registration: false
+enable_registration_without_verification: false
+registrations_require_3pid: email
+registration_shared_secret: <long random string>
+allow_guest_access: false
+
+enable_set_displayname: false
+enable_3pid_changes: false
+```
+
+The last two lines prohibit users to change their displayname and 3pid-data
+(i.e. e-mail address and phone number). In many cases you'd want them to be
+able to set these, of course. But when you use LDAP, which provides these
+values, you don't want users to change those.
+
+See for more options [Synapse's documentation](https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#registration).