diff -up authconfig-6.2.10/authinfo.py.cacertdir authconfig-6.2.10/authinfo.py
--- authconfig-6.2.10/authinfo.py.cacertdir 2015-03-31 10:40:43.321241910 +0200
+++ authconfig-6.2.10/authinfo.py 2015-04-01 19:05:27.879900326 +0200
@@ -116,7 +116,7 @@ PATH_LIBSSS_AUTOFS = "/usr" + LIBDIR + "
 PATH_WINBIND_NET = "/usr/bin/net"
 PATH_IPA_CLIENT_INSTALL = "/usr/sbin/ipa-client-install"
-PATH_LDAP_CACERTS = "/etc/openldap/cacerts"
+PATH_LDAP_CACERTS = "/etc/openldap/certs"
 LDAP_CACERT_DOWNLOADED = "authconfig_downloaded.pem"
 
 PATH_CONFIG_BACKUPS = "/var/lib/authconfig"
@@ -155,6 +155,13 @@ def matchKey(line, key):
     else:
         return False
 
+def matchKeyI(line, key):
+    if line.lower().startswith(key.lower()):
+        # Skip intervening whitespace.
+        return line[len(key):].lstrip()
+    else:
+        return False
+
 def matchKeyEquals(line, key):
     if line.startswith(key):
         # Skip intervening whitespace.
@@ -926,9 +933,9 @@ def feedFork(command, echo, query, respo
         try:
             c = os.read(master, 1)
         except OSError as err:
-            if err == errno.EINTR or err == errno.EAGAIN:
+            if err.errno == errno.EINTR or err.errno == errno.EAGAIN:
                 pass
-            elif err == errno.EIO:
+            elif err.errno == errno.EIO:
                 os.close(master)
                 eof = True
             else:
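Review bot: `matchKeyI` has no docstring and, like `matchKey` whose shape it copies, tests only a bare prefix, so a line whose keyword merely begins with the key (for example one starting `hostname` when the key is `host`) is accepted and its tail returned as the value. A one-character boundary check after the prefix test keeps the callers in readLDAP unchanged while rejecting such lines: `rest = line[len(key):]` / `if rest and not rest[0].isspace(): return False` / `return rest.lstrip()`. I would also add a docstring such as `"""Case-insensitive matchKey: return the text after key with leading whitespace removed, or False."""`. Since matchKey carries the same prefix behaviour, the two should be changed together if this is changed at all.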
@@ -1222,14 +1229,13 @@ class CacheBackup(FileBackup):
         return rv
 
 # indexes for the configs
-(CFG_HESIOD, CFG_YP, CFG_LDAP, CFG_NSSLDAP, CFG_PAMLDAP, CFG_NSLCD, CFG_OPENLDAP, CFG_KRB5,
+(CFG_HESIOD, CFG_YP, CFG_NSSLDAP, CFG_PAMLDAP, CFG_NSLCD, CFG_OPENLDAP, CFG_KRB5,
  CFG_KRB, CFG_PAM_PKCS11, CFG_SMB, CFG_NSSWITCH, CFG_CACHE, CFG_PAM, CFG_POSTLOGIN_PAM,
  CFG_PASSWORD_PAM, CFG_FINGERPRINT_PAM, CFG_SMARTCARD_PAM, CFG_AUTHCONFIG, CFG_NETWORK, CFG_LIBUSER, CFG_PWQUALITY,
-    CFG_LOGIN_DEFS, CFG_SSSD, CFG_SHADOW, CFG_PASSWD, CFG_GSHADOW, CFG_GROUP, CFG_DCONF, CFG_DCONF_LOCKS) = list(range(0, 30))
+    CFG_LOGIN_DEFS, CFG_SSSD, CFG_SHADOW, CFG_PASSWD, CFG_GSHADOW, CFG_GROUP, CFG_DCONF, CFG_DCONF_LOCKS) = list(range(0, 29))
 all_configs = [
     FileBackup("hesiod.conf", SYSCONFDIR+"/hesiod.conf"),
     FileBackup("yp.conf", SYSCONFDIR+"/yp.conf"),
-    FileBackup("ldap.conf", SYSCONFDIR+"/ldap.conf"),
     FileBackup("nss_ldap.conf", SYSCONFDIR+"/nss_ldap.conf"),
     FileBackup("pam_ldap.conf", SYSCONFDIR+"/pam_ldap.conf"),
     FileBackup("nslcd.conf", SYSCONFDIR+"/nslcd.conf"),
@@ -1627,7 +1633,6 @@ class AuthInfo:
 
     # Read LDAP setup from /etc/ldap.conf.
     def readLDAP(self, ref):
-        self.ldapCacertDir = PATH_LDAP_CACERTS
         # Open the file.  Bail if it's not there or there's some problem
         # reading it.
         try:
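Review bot: Removing `CFG_LDAP` from the index tuple is only checked at run time — any `all_configs[CFG_LDAP]` reference that survives outside the hunks shown here would fail with a NameError when that code path executes, not at import. The two uses visible in this patch (the readLDAP fallback and the writeLDAP block) are removed, but the rest of the module and anything that imports these constants is outside the diff, so a search for the name is worth doing before merging. The `list(range(0, 29))` literal also has to be kept in step with the tuple by hand; a comment on the `+` line, `# keep the range end equal to the number of names in the tuple`, would make the next edit safer.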
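Review bot: The `# Read LDAP setup from /etc/ldap.conf.` comment above `readLDAP` is now stale: with this patch the function no longer opens the CFG_LDAP file (the fallback in the next hunk opens `all_configs[CFG_OPENLDAP]`) and it no longer resets `ldapCacertDir` to the default on entry, so a value the caller set beforehand is kept. Suggest `# Read LDAP setup from nss_ldap.conf, pam_ldap.conf or the OpenLDAP client config. A ldapCacertDir already set by the caller is left alone.` Dropping the assignment also means the `if not self.ldapCacertDir` test later in the function presumes the attribute already exists on the instance — presumably __init__ sets it, but that is outside the diff and worth confirming, since otherwise the first call raises AttributeError.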
@@ -1640,45 +1645,52 @@ class AuthInfo:
                 f = open(all_configs[CFG_PAMLDAP].origPath, "r")
             except IOError:
                 try:
-                    f = open(all_configs[CFG_LDAP].origPath, "r")
+                    f = open(all_configs[CFG_OPENLDAP].origPath, "r")
                 except IOError:
+                    self.ldapCacertDir = PATH_LDAP_CACERTS
                     return False
         for line in f:
             line = line.strip()
             # Is it a "base" statement?
-            value = matchKey(line, "base")
+            value = matchKeyI(line, "base")
             if value and checkDN(value):
                 # Save the base DN.
                 self.setParam("ldapBaseDN", value, ref)
                 continue
             # Is it a "host" statement?
-            value = matchKey(line, "host")
+            value = matchKeyI(line, "host")
             if value:
                 # Save the host name or IP.
                 self.setParam("ldapServer", value, ref)
                 continue
             # Is it a "uri" statement?
-            value = matchKey(line, "uri")
+            value = matchKeyI(line, "uri")
             if value:
                 # Save the host name or IP.
                 self.setParam("ldapServer", value, ref)
                 continue
             # Is it a "ssl" statement?
-            value = matchKey(line, "ssl")
+            value = matchKeyI(line, "ssl")
             if value:
                 self.setParam("enableLDAPS", matchLine(value, "start_tls"), ref)
                 continue
             # Is it a "nss_schema" statement?
-            value = matchKey(line, "nss_schema")
+            value = matchKeyI(line, "nss_schema")
             if value:
                 self.setParam("ldapSchema", value, ref)
                 continue
+            value = matchKeyI(line, "tls_cacertdir")
+            if value:
+                self.setParam("ldapCacertDir", value, ref)
+                continue
         # We'll pull MD5/DES crypt ("pam_password") from the config
         # file, or from the pam_unix PAM config lines.
         self.ldapServer = self.ldapHostsToURIs(cleanList(self.ldapServer), False)
+        if not self.ldapCacertDir:
+            self.ldapCacertDir = PATH_LDAP_CACERTS
         f.close()
         return True
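Review bot: The new `tls_cacertdir` block stores the parsed value unchecked, while every sibling block carries an `# Is it a "..." statement?` comment and the `base` block validates with `checkDN` before saving; the value later reaches `os.stat`/`os.mkdir` in testLDAPCACerts and a shell command string in rehashLDAPCACerts, so its shape matters more than the other keys'. Suggest the missing comment `# Is it a "tls_cacertdir" statement?` and, unless relative directories are meant to be supported, `if value and os.path.isabs(value):` in place of the bare `if value:`. The block also differs from the `base` through `nss_schema` cases in that the other file formats read here use lower-case keys while the OpenLDAP client file uses upper-case ones — presumably the reason for the switch to matchKeyI — which is worth a one-line comment at the first `matchKeyI` call so the case-insensitivity does not look accidental. The enclosing readLDAP starts before this hunk.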
@@ -2747,10 +2759,6 @@ class AuthInfo:
         return True
 
     def writeLDAP(self):
-        if os.path.isfile(all_configs[CFG_LDAP].origPath):
-            all_configs[CFG_LDAP].backup(self.backupDir)
-            self.writeLDAP2(all_configs[CFG_LDAP].origPath,
-                "uri", "host", "base", True, True, True)
         if os.path.isfile(all_configs[CFG_NSSLDAP].origPath):
             all_configs[CFG_NSSLDAP].backup(self.backupDir)
             self.writeLDAP2(all_configs[CFG_NSSLDAP].origPath,
@@ -4443,11 +4451,11 @@ class AuthInfo:
         self.uninstallIPA()
 
     def testLDAPCACerts(self):
-        if self.enableLDAP or self.enableLDAPAuth:
+        if self.enableLDAP or self.enableLDAPAuth or self.ldapCacertURL:
             try:
                 os.stat(self.ldapCacertDir)
             except OSError as err:
-                if err == errno.ENOENT:
+                if err.errno == errno.ENOENT:
                     os.mkdir(self.ldapCacertDir, 0o755)
             return isEmptyDir(self.ldapCacertDir)
 
@@ -4455,7 +4463,7 @@ class AuthInfo:
 
     def rehashLDAPCACerts(self):
         if ((self.enableLDAP or self.enableLDAPAuth) and
-            (self.enableLDAPS or 'ldaps:' in self.ldapServer)):
+            (self.enableLDAPS or 'ldaps:' in self.ldapServer)) or self.ldapCacertURL:
             os.system("/usr/sbin/cacertdir_rehash " + self.ldapCacertDir)
 
     def downloadLDAPCACert(self):
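Review bot: In testLDAPCACerts the `err.errno` comparison is now right, but any OSError from `os.stat` other than ENOENT (a permission or not-a-directory failure) is still dropped without a trace and the function goes on to call `isEmptyDir` on a path it could not stat; `os.mkdir` can also raise on its own when the parent of `ldapCacertDir` is missing, and that one is uncaught. Both are pre-existing, but the widened `or self.ldapCacertURL` condition and the fact that `ldapCacertDir` can now come from a TLS_CACERTDIR line make them easier to reach. Keeping the best-effort intent, I would at least surface the swallowed case, e.g. `else: sys.stderr.write("authconfig: cannot stat %s: %s\n" % (self.ldapCacertDir, err))` after the ENOENT branch (assuming `sys` is imported, which this diff does not show), and a short docstring stating that the directory is created on demand and the return value is "directory is empty".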
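Review bot: In rehashLDAPCACerts the command is still built by string concatenation, `os.system("/usr/sbin/cacertdir_rehash " + self.ldapCacertDir)`, and after this patch `ldapCacertDir` may be a value parsed from a TLS_CACERTDIR line rather than only the built-in default, so a directory name containing whitespace or shell-special characters would be split or reinterpreted by the shell instead of being passed through. The configuration files are presumably root-owned, so this is a robustness rather than a privilege problem, but the list form avoids the shell entirely: `subprocess.call(["/usr/sbin/cacertdir_rehash", self.ldapCacertDir])` (with `import subprocess` added at the top of the module if it is not already there — the import block is outside this diff). The exit status of the rehash is also discarded, so a failed rehash is indistinguishable from a successful one to the caller; returning the status, or logging it, would let callers react.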