diff --git a/man/nss-systemd.xml b/man/nss-systemd.xml
index d42a866b0ff..734a9a4a072 100644
--- a/man/nss-systemd.xml
+++ b/man/nss-systemd.xml
@@ -56,6 +56,49 @@
/etc/gshadow based mappings take precedence.
+
+ Static Drop-In JSON User/Group Records
+
+ Besides user/group records acquired via the aforementioned Varlink IPC interfaces and the
+ synthesized root and nobody accounts, this module also makes user and group accounts available to the
+ system that are defined in static drop-in files in the /etc/userdb/,
+ /run/userdb/, /run/host/userdb/ and
+ /usr/lib/userdb/ directories.
+
+ This is a simple mechanism to provide static user and group records via JSON drop-in files. Such
+ user records should be defined in the format described by the JSON User Record specification and be placed in one of the
+ aforementioned directories under a file name composed of the user name suffixed with
+ .user, with a world-readable access mode. A symlink named after the user record's
+ UID formatted in decimal and suffixed with .user pointing to the primary record file
+ should be created as well, in order to allow both lookups by username and by UID. Privileged user record
+ data (e.g. hashed UNIX passwords) may optionally be provided as well, in a pair of separate companion
+ files with the .user-privileged suffix. The data should be stored in a regular file
+ named after the user name, suffixed with .user-privileged, and a symlink pointing to
+ it, named after the used numeric UID formatted in decimal with the same suffix. These companion files
+ should not be readable to anyone but root. Example:
+
+ -rw-r--r--. 1 root root 723 May 10 foobar.user
+-rw-------. 1 root root 123 May 10 foobar.user-privileged
+lrwxrwxrwx. 1 root root 19 May 10 4711.user -> foobar.user
+lrwxrwxrwx. 1 root root 19 May 10 4711.user-privileged -> foobar.user-privileged
+
+ Similarly, group records following the format described in JSON Group Record may be defined, using the file suffixes
+ .group and .group-privileged.
+
+ The primary user/group record files (i.e. those with the .user and
+ .group suffixes) should not contain the privileged section as
+ described in the specifications. The privileged user/group record files (i.e. those with the
+ .user-privileged and .group-privileged suffixes) should
+ contain this section, exclusively.
+
+ Note that static user/group records generally do not override conflicting records in
+ /etc/passwd or /etc/group or other account databases. In fact,
+ before dropping in these files a reasonable level of care should be taken to avoid user/group name and
+ UID/GID conflicts.
+
+
Configuration in /etc/nsswitch.conf
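Review bot: The paragraph that introduces the .user-privileged companion files states the access requirements only as "should", and only for read access ("world-readable" for the primary file, "should not be readable to anyone but root" for the companions). It never says who must own the files or that they and the four drop-in directories must not be writable by non-root users. Since a record placed here defines an account for the whole system, I would add a sentence requiring root ownership and no group/other write access, and state what the module does when a companion file is readable by others or when a .user/.group file carries a privileged section anyway (ignored, or the record rejected). The closing note has the same gap: "generally do not override" leaves the conflict outcome open, and nothing says which of /etc/userdb/, /run/userdb/, /run/host/userdb/ and /usr/lib/userdb/ wins when the same name or UID is defined in more than one. Minor: both symlinks in the example listing show size 19, but the targets foobar.user and foobar.user-privileged differ in length, so the listing looks hand-edited; adjust the sizes to match the targets.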