diff --git a/authconfig-6.2.10-cacertdir.patch b/authconfig-6.2.10-cacertdir.patch
index c6dd030..b109ed1 100644
--- a/authconfig-6.2.10-cacertdir.patch
+++ b/authconfig-6.2.10-cacertdir.patch
@@ -1,15 +1,7 @@
-# HG changeset patch
-# User Tomas Mraz <tmraz@redhat.com>
-# Date 1427468671 -3600
-#      Fri Mar 27 16:04:31 2015 +0100
-# Node ID 8dd359bfc32e9473251571486ef0a29d1c4167a4
-# Parent  1686f4a66f7cd306bd827274970de09a892bfd9e
-Make the ldapCacertDir follow the openldap default.
-
-diff -r 1686f4a66f7c -r 8dd359bfc32e authinfo.py
---- a/authinfo.py	Tue Mar 03 10:24:52 2015 +0100
-+++ b/authinfo.py	Fri Mar 27 16:04:31 2015 +0100
-@@ -116,7 +116,7 @@
+diff -up authconfig-6.2.10/authinfo.py.cacertdir authconfig-6.2.10/authinfo.py
+--- authconfig-6.2.10/authinfo.py.cacertdir	2015-03-31 10:40:43.321241910 +0200
++++ authconfig-6.2.10/authinfo.py	2015-03-31 10:52:44.420811832 +0200
+@@ -116,7 +116,7 @@ PATH_LIBSSS_AUTOFS = "/usr" + LIBDIR + "
  PATH_WINBIND_NET = "/usr/bin/net"
  PATH_IPA_CLIENT_INSTALL = "/usr/sbin/ipa-client-install"
  
@@ -18,7 +10,21 @@ diff -r 1686f4a66f7c -r 8dd359bfc32e authinfo.py
  LDAP_CACERT_DOWNLOADED = "authconfig_downloaded.pem"
  
  PATH_CONFIG_BACKUPS = "/var/lib/authconfig"
-@@ -1627,7 +1627,6 @@
+@@ -155,6 +155,13 @@ def matchKey(line, key):
+ 	else:
+ 		return False
+ 
++def matchKeyI(line, key):
++	if line.lower().startswith(key.lower()):
++		# Skip intervening whitespace.
++		return line[len(key):].lstrip()
++	else:
++		return False
++
+ def matchKeyEquals(line, key):
+ 	if line.startswith(key):
+ 		# Skip intervening whitespace.
+@@ -1627,7 +1634,6 @@ class AuthInfo:
  
  	# Read LDAP setup from /etc/ldap.conf.
  	def readLDAP(self, ref):
@@ -26,11 +32,50 @@ diff -r 1686f4a66f7c -r 8dd359bfc32e authinfo.py
  		# Open the file.  Bail if it's not there or there's some problem
  		# reading it.
  		try:
-@@ -1675,10 +1674,16 @@
+@@ -1642,43 +1648,50 @@ class AuthInfo:
+ 					try:
+ 						f = open(all_configs[CFG_LDAP].origPath, "r")
+ 					except IOError:
++						self.ldapCacertDir = PATH_LDAP_CACERTS
+ 						return False
+ 
+ 		for line in f:
+ 			line = line.strip()
+ 
+ 			# Is it a "base" statement?
+-			value = matchKey(line, "base")
++			value = matchKeyI(line, "base")
+ 			if value and checkDN(value):
+ 				# Save the base DN.
+ 				self.setParam("ldapBaseDN", value, ref)
+ 				continue
+ 			# Is it a "host" statement?
+-			value = matchKey(line, "host")
++			value = matchKeyI(line, "host")
+ 			if value:
+ 				# Save the host name or IP.
+ 				self.setParam("ldapServer", value, ref)
+ 				continue
+ 			# Is it a "uri" statement?
+-			value = matchKey(line, "uri")
++			value = matchKeyI(line, "uri")
+ 			if value:
+ 				# Save the host name or IP.
+ 				self.setParam("ldapServer", value, ref)
+ 				continue
+ 			# Is it a "ssl" statement?
+-			value = matchKey(line, "ssl")
++			value = matchKeyI(line, "ssl")
+ 			if value:
+ 				self.setParam("enableLDAPS", matchLine(value, "start_tls"), ref)
+ 				continue
+ 			# Is it a "nss_schema" statement?
+-			value = matchKey(line, "nss_schema")
++			value = matchKeyI(line, "nss_schema")
  			if value:
  				self.setParam("ldapSchema", value, ref)
  				continue
-+			value = matchKey(line, "tls_cacertdir")
++			value = matchKeyI(line, "tls_cacertdir")
 +			if value:
 +				self.setParam("ldapCacertDir", value, ref)
 +				continue
@@ -43,7 +88,7 @@ diff -r 1686f4a66f7c -r 8dd359bfc32e authinfo.py
  		f.close()
  		return True
  
-@@ -4444,7 +4449,7 @@
+@@ -4443,7 +4456,7 @@ class AuthInfo:
  			self.uninstallIPA()
  
  	def testLDAPCACerts(self):
@@ -52,7 +97,7 @@ diff -r 1686f4a66f7c -r 8dd359bfc32e authinfo.py
  			try:
  				os.stat(self.ldapCacertDir)
  			except OSError as err:
-@@ -4456,7 +4461,7 @@
+@@ -4455,7 +4468,7 @@ class AuthInfo:
  
  	def rehashLDAPCACerts(self):
  		if ((self.enableLDAP or self.enableLDAPAuth) and
diff --git a/authconfig.spec b/authconfig.spec
index f94d69b..effb720 100644
--- a/authconfig.spec
+++ b/authconfig.spec
@@ -1,7 +1,7 @@
 Summary: Command line tool for setting up authentication from network services
 Name: authconfig
 Version: 6.2.10
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2+
 ExclusiveOS: Linux
 Group: System Environment/Base
@@ -125,6 +125,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %{_datadir}/icons/hicolor/256x256/apps/system-config-authentication.*
 
 %changelog
+* Tue Mar 31 2015 Tomáš Mráz <tmraz@redhat.com> - 6.2.10-5
+- set default tls_cacertdir when no ldap.conf is present
+
 * Fri Mar 27 2015 Tomáš Mráz <tmraz@redhat.com> - 6.2.10-4
 - make the cacertdir setup more sane (#1203024)
 - support sssd prompting non-local users for password (#1195817)