diff --git a/README.md b/README.md
index 00a2d10..f59e9f6 100644
--- a/README.md
+++ b/README.md
@@ -27,24 +27,8 @@ ln -sr bam PROJECT_DIRECTORY/bam
   5. Set `bam.hashers.LDAPPBKDF2PasswordHasher` as the first item of the
      `PASSWORD_HASHERS` array in the project's `settings.py`.
 
-  6. Insert the settings `BAM_LDAP_URI`, `BAM_LDAP_BIND_DN`, `BAM_LDAP_SECRET`
-     and `BAM_LDAP_BASE_DN_MAP` according to your setup into the project's
-     `settings.py`. The base DN map has to be a dict from base DNs to arrays of
-     Django groups.
-
-     Example:
-
-     ```
-    BAM_LDAP_BASE_DN_MAP = {
-        'ou=test,dc=blinkenbunt,dc=org': [
-            'jabber',
-            'git',
-        ],
-        'ou=admins,dc=blinkenbunt,dc=org': [
-            'admin',
-        ],
-    }
-```
+  6. Insert the configuration values described below according to your setup
+     into the project's `settings.py`.
 
   7. Append `path('', include('bam.urls')),` to the project's `urls.py`.
 
@@ -68,6 +52,36 @@ ln -sr bam PROJECT_DIRECTORY/bam
 ./manage.py runserver
 ```
 
+## Configuration Options
+
+  * `BAM_LDAP_URI`: URI of the LDAP server to connect to. For a server on the
+    same system, `ldapi:///` usually can be used.
+
+  * `BAM_LDAP_BIND_DN`: The DN to bind to. It requires permissions to create
+    and change entries in the relevant base DNs.
+
+  * `BAM_LDAP_SECRET`: The secret corresponding to the bind DN.
+
+  * `BAM_LDAP_BASE_DN_MAP`: A dict from base DNs to arrays of Django groups.
+
+    User entries are maintained in the given base DN for all active members of
+    at least one of the assigned groups. They get deleted if the corresponding
+    user is deactivated or no longer in any of these groups.
+
+    Example:
+
+    ```
+    BAM_LDAP_BASE_DN_MAP = {
+        'ou=test,dc=blinkenbunt,dc=org': [
+            'jabber',
+            'git',
+        ],
+        'ou=admins,dc=blinkenbunt,dc=org': [
+            'admin',
+        ],
+    }
+```
+
 ## ToDo
 
 ### Essential