diff --git a/roles/mail/templates/dovecot/dovecot-ldap.conf.ext.j2 b/roles/mail/templates/dovecot/dovecot-ldap.conf.ext.j2
index d57c387..db6289e 100644
--- a/roles/mail/templates/dovecot/dovecot-ldap.conf.ext.j2
+++ b/roles/mail/templates/dovecot/dovecot-ldap.conf.ext.j2
@@ -31,8 +31,7 @@ dn = {{ ldap_binddn }}
 dnpass = {{ ldap_bindpw }}
 
 # Use SASL binding instead of the simple binding. Note that this changes
-# ldap_version automatically to be 3 if it's lower. Also note that SASL binds
-# and auth_bind=yes don't work together.
+# ldap_version automatically to be 3 if it's lower.
 #sasl_bind = no
 # SASL mechanism name to use.
 #sasl_mech =
@@ -46,7 +45,7 @@ dnpass = {{ ldap_bindpw }}
 #tls = no
 # TLS options, currently supported only with OpenLDAP:
 tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
-#tls_ca_cert_dir = /etc/ssl/certs
+#tls_ca_cert_dir =
 #tls_cipher_suite =
 # TLS cert/key is used only if LDAP server requires a client certificate.
 #tls_cert_file =