diff --git a/README.md b/README.md
index bc8260ca26d3ca20cd909694c1ed566988c8d0a4..8f95b4a9a775bccda8ca3bc5218fb290c72d44c6 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,22 @@
-LDAP password expiry checker
-============================
+# LDAP password expiry checker
+LDAP Users must change their password regularly according to the password policy.
 
-LDAP Users must change their password regularly according to the password
-policy.
+When the old password isn't valid anymore but hasn't been changed yet, there's a grace period of six logins before the account is suspended. The plugin shows a reminder before password expiration and another reminder if only less than six logins remain before account suspension because of password expiration.
 
-When the old password isn't valid anymore but hasn't been changed yet, there's
-a grace period of six logins before the account is suspended. The plugin shows
-a reminder before password expiration and another reminder if only less than
-six logins remain before account suspension because of password expiration.
+##Configuration
+The Plugin provides six entries in Stud.IP global configuration, all in the section 'ldappasswordexpiryplugin':
+- *LDAPPASSWORDEXPIRYPLUGIN_AUTHPLUGINS*
+  Comma-separated list of Stud.IP auth plugins that shall be monitored by this plugin.
+- *LDAPPASSWORDEXPIRYPLUGIN_GRACELOGINATTRIBUTE*
+  Name of the LDAP attribute that is used for storing how many grace logins remain until the account is suspended after password expiration. Leave empty if not applicable.
+  Default is "loginGraceRemaining".
+- *LDAPPASSWORDEXPIRYPLUGIN_LOGINLIMITATTRIBUTE*
+  Name of the LDAP attribute that stores the number of grace logins a user has after password expiration. Leave empty if not applicable.
+  Default is "loginGraceLimit".
+- *LDAPPASSWORDEXPIRYPLUGIN_PASSWORDCHANGEURL*
+  URL of a website where users can change their current password. Leave empty if not applicable.
+- *LDAPPASSWORDEXPIRYPLUGIN_PASSWORDEXPIRYATTRIBUTE*
+  Name of the LDAP attribute that shows the password expiry date.
+- *LDAPPASSWORDEXPIRYPLUGIN_WARNINGDAYSBEFORE*
+  How many days before password expiration shall the warning message appear?
+  Default is 7 (one week).