diff --git a/doc/pam_pkcs11.8.in b/doc/pam_pkcs11.8.in index 05425c2..6dccdbe 100644 --- a/doc/pam_pkcs11.8.in +++ b/doc/pam_pkcs11.8.in @@ -29,6 +29,8 @@ other applications on your system is also a good source for examples on how to configure a PAM service. .SH "FILES" \fI@confdir@/pam_pkcs11.conf\fP +.br +\fI@docdir@/pam_pkcs11.conf.example\fP .br \fI/usr/lib/pam_pkcs11/*_mapper.so\fP .SH "AUTHOR" @@ -40,7 +42,6 @@ Report bugs ideas, comments, bug\-fixes and so to: .I Juan Antonio Martinez .SH "SEE ALSO" .BR pam (8), -.BR pam_pkcs11.conf (5), PAM Systems Administrator Guide, .I README.mappers file, PAM\-PKCS#11 User Manual. diff --git a/doc/pam_pkcs11.xml b/doc/pam_pkcs11.xml index d7008c3..76dde37 100644 --- a/doc/pam_pkcs11.xml +++ b/doc/pam_pkcs11.xml @@ -1687,7 +1687,7 @@ ldap_mapper configuration file shows like: uid_attribute = "uid"; attribute_map = "", ""; # SSL/TLS-Settings - ssl = tls + ssl = starttls # tls_randfile = ... tls_cacertfile = /etc/ssl/cacert.pem # tls_cacertdir = ... @@ -1714,7 +1714,7 @@ If a ldaphost is also submitted, it will be appended to the URI list. ldapport The LDAP Port on the server (default: -389 for LDAP and LDAP-TLS and 636 for SSL) +389 for LDAP and LDAP-TLS (STARTTLS) and 636 for LDAP-SSL (LDAPS)) @@ -1825,13 +1825,13 @@ collected under the attribute. ssl Enable or disable the usage of TLS or SSL - TLS/SSL off(default) + TLS/SSL off (default) - enable TLS + enable LDAP-TLS (STARTTLS) - enable SSL + enable LDAP-SSL (LDAPS) diff --git a/src/mappers/ldap_mapper.c b/src/mappers/ldap_mapper.c index 6259a51..3c5a1dd 100644 --- a/src/mappers/ldap_mapper.c +++ b/src/mappers/ldap_mapper.c 
@@ -1143,10 +1143,14 @@ static int read_config(scconf_block *blk) {
 ssltls = scconf_get_str(blk,"ssl","off");
 if (! strncasecmp (ssltls, "tls", 3))
 ssl_on = SSL_START_TLS;
+ else if( ! strncasecmp (ssltls, "starttls", 3))
+ ssl_on = SSL_START_TLS;
 else if( ! strncasecmp (ssltls, "on", 2))
 ssl_on = SSL_LDAPS;
 else if( ! strncasecmp (ssltls, "ssl", 3))
 ssl_on = SSL_LDAPS;
+ else if( ! strncasecmp (ssltls, "ldaps", 3))
+ ssl_on = SSL_LDAPS;
 #if defined HAVE_LDAP_START_TLS_S || (defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS))
 /* TLS specific options */
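Review bot: The two added branches compare only three characters (`strncasecmp (ssltls, "starttls", 3)` and `strncasecmp (ssltls, "ldaps", 3)`), so any value beginning with `sta` or `lda` is accepted, and a setting spelled the way the updated manual names the mode, `ldap-tls`, would select SSL_LDAPS instead of SSL_START_TLS. Comparing the whole keyword avoids that: `else if (!strcasecmp(ssltls, "starttls"))` and `else if (!strcasecmp(ssltls, "ldaps"))`. The visible chain also has no closing `else`, so a value it does not recognise (for example `yes`) leaves ssl_on at whatever it was initialised to outside this hunk, presumably the unencrypted default, with nothing reported. A final branch that rejects, or at least logs, any value other than `off` would keep a typo from silently turning off transport protection for the LDAP connection. read_config starts before and continues after this hunk.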