diff --git a/apps/emqx_ldap/src/emqx_ldap.erl b/apps/emqx_ldap/src/emqx_ldap.erl
index d505f92d0..85ba73df9 100644
--- a/apps/emqx_ldap/src/emqx_ldap.erl
+++ b/apps/emqx_ldap/src/emqx_ldap.erl
@@ -54,10 +54,11 @@ fields(config) ->
 {pool_size, fun ?ECS:pool_size/1},
 {username, fun ensure_username/1},
 {password, fun ?ECS:password/1},
- {base_object,
+ {base_dn,
 ?HOCON(binary(), #{
- desc => ?DESC(base_object),
+ desc => ?DESC(base_dn),
 required => true,
+ example => <<"uid=${username},ou=testdevice,dc=emqx,dc=io">>,
 validator => fun emqx_schema:non_empty_string/1
 })},
 {filter,
@@ -66,6 +67,7 @@ fields(config) ->
 #{
 desc => ?DESC(filter),
 default => <<"(objectClass=mqttUser)">>,
+ example => <<"(& (objectClass=mqttUser) (uid=${username}))">>,
 validator => fun emqx_schema:non_empty_string/1
 }
 )}
@@ -229,9 +231,9 @@ log(Level, Format, Args) ->
 ).
 
 prepare_template(Config, State) ->
- do_prepare_template(maps:to_list(maps:with([base_object, filter], Config)), State).
+ do_prepare_template(maps:to_list(maps:with([base_dn, filter], Config)), State).
 
-do_prepare_template([{base_object, V} | T], State) ->
+do_prepare_template([{base_dn, V} | T], State) ->
 do_prepare_template(T, State#{base_tokens => emqx_placeholder:preproc_tmpl(V)});
 do_prepare_template([{filter, V} | T], State) ->
 do_prepare_template(T, State#{filter_tokens => emqx_placeholder:preproc_tmpl(V)});
diff --git a/apps/emqx_ldap/test/emqx_ldap_SUITE.erl b/apps/emqx_ldap/test/emqx_ldap_SUITE.erl
index a191da3bd..8a90f6f02 100644
--- a/apps/emqx_ldap/test/emqx_ldap_SUITE.erl
+++ b/apps/emqx_ldap/test/emqx_ldap_SUITE.erl
@@ -154,7 +154,7 @@ ldap_config(Config) ->
 " password = public\n"
 " pool_size = 8\n"
 " server = \"~s:~b\"\n"
- " base_object=\"uid=${username},ou=testdevice,dc=emqx,dc=io\"\n"
+ " base_dn=\"uid=${username},ou=testdevice,dc=emqx,dc=io\"\n"
 " filter =\"(objectClass=mqttUser)\"\n"
 " ~ts\n"
 "",
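Review bot: The new `example` on `base_dn` (and the `filter` example in the next hunk) advertises interpolating `${username}` into a DN and a search filter, but nothing in this diff shows how the substituted value is escaped when the template is rendered. In an authentication backend that value presumably originates from the connecting client, and `emqx_placeholder:preproc_tmpl/1` in `do_prepare_template` appears only to pre-process the template into tokens; the rendering call is outside these hunks. It is worth confirming that rendering escapes DN special characters per RFC 4514 and filter metacharacters (`*`, `(`, `)`, `\`, NUL) per RFC 4515 before the search is issued. I would also record the expectation next to the field, e.g. `%% ${username} is client-supplied; rendered values must be escaped before use in a DN or filter`.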
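Review bot: The `filter` example `(& (objectClass=mqttUser) (uid=${username}))` puts spaces after `&` and between the sub-filters, which the RFC 4515 grammar does not include, while the description updated in rel/i18n/emqx_ldap.hocon in this same commit says the filter syntax follows RFC 4515. Whether the filter parser used here tolerates those spaces is not visible in the diff, and operators tend to copy schema examples verbatim. I would publish the strict form instead: `example => <<"(&(objectClass=mqttUser)(uid=${username}))">>,`.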
diff --git a/apps/emqx_ldap/test/emqx_ldap_authn_SUITE.erl b/apps/emqx_ldap/test/emqx_ldap_authn_SUITE.erl index fb3b9fc36..d3b7a90f4 100644 --- a/apps/emqx_ldap/test/emqx_ldap_authn_SUITE.erl +++ b/apps/emqx_ldap/test/emqx_ldap_authn_SUITE.erl @@ -167,7 +167,7 @@ t_update(_Config) -> CorrectConfig = raw_ldap_auth_config(), IncorrectConfig = CorrectConfig#{ - <<"base_object">> => <<"ou=testdevice,dc=emqx,dc=io">> + <<"base_dn">> => <<"ou=testdevice,dc=emqx,dc=io">> }, {ok, _} = emqx:update_config( @@ -208,7 +208,7 @@ raw_ldap_auth_config() -> <<"mechanism">> => <<"password_based">>, <<"backend">> => <<"ldap">>, <<"server">> => ldap_server(), - <<"base_object">> => <<"uid=${username},ou=testdevice,dc=emqx,dc=io">>, + <<"base_dn">> => <<"uid=${username},ou=testdevice,dc=emqx,dc=io">>, <<"username">> => <<"cn=root,dc=emqx,dc=io">>, <<"password">> => <<"public">>, <<"pool_size">> => 8 diff --git a/apps/emqx_ldap/test/emqx_ldap_authz_SUITE.erl b/apps/emqx_ldap/test/emqx_ldap_authz_SUITE.erl index de037ddf1..e6424e8ca 100644 --- a/apps/emqx_ldap/test/emqx_ldap_authz_SUITE.erl +++ b/apps/emqx_ldap/test/emqx_ldap_authz_SUITE.erl @@ -138,7 +138,7 @@ raw_ldap_authz_config() -> <<"enable">> => <<"true">>, <<"type">> => <<"ldap">>, <<"server">> => ldap_server(), - <<"base_object">> => <<"uid=${username},ou=testdevice,dc=emqx,dc=io">>, + <<"base_dn">> => <<"uid=${username},ou=testdevice,dc=emqx,dc=io">>, <<"username">> => <<"cn=root,dc=emqx,dc=io">>, <<"password">> => <<"public">>, <<"pool_size">> => 8 diff --git a/rel/i18n/emqx_ldap.hocon b/rel/i18n/emqx_ldap.hocon index cd2865d85..99e00e63a 100644 --- a/rel/i18n/emqx_ldap.hocon +++ b/rel/i18n/emqx_ldap.hocon 
@@ -8,16 +8,17 @@ The LDAP default port 389 is used if `[:Port]` is not specified.""" server.label: """Server Host""" -base_object.desc: +base_dn.desc: """The name of the base object entry (or possibly the root) relative to which the Search is to be performed.""" -base_object.label: -"""Base Object""" +base_dn.label: +"""Base DN""" filter.desc: """The filter that defines the conditions that must be fulfilled in order -for the Search to match a given entry.""" +for the Search to match a given entry.
+The syntax of the filter follows RFC 4515 and also supports placeholders.""" filter.label: """Filter"""