Add note about extended localhost exception in 3.4

(Tweaked language)

Signed-off-by: Andrew Aldridge <[email protected]>

source/core/security-users.txt

@@ -145,6 +145,14 @@ the first user in the ``admin`` database. The first user must have
 privileges to create other users, such as a user with the
 :authrole:`userAdmin` or :authrole:`userAdminAnyDatabase` role.
 
+.. versionchanged:: 3.4
+
+   MongoDB 3.4 extended the localhost exception to permit execution of the
+   :method:`db.createRole()` method. This method allows users authorizing via
+   LDAP to create a role inside of MongoDB that maps to a role defined
+   in LDAP. See :ref:`LDAP Authorization <security-ldap-external>` for more
+   information.
+
 .. versionchanged:: 3.0
 
    The localhost exception changed so that these connections *only*