@@ -699,8 +758,9 @@
 			tls_mode = 0
 
 		## Determine ad_ldap_base with exact case
+		ldaps = self.baseConfig.is_true('%s/ad/ldap/ldaps' % self.CONFIGBASENAME, False) # tls or ssl
 		try:
-			self.lo_ad=univention.uldap.access(host=self.ad_ldap_host, port=int(self.ad_ldap_port), base='', binddn=None, bindpw=None, start_tls=tls_mode, use_ldaps = ldaps, ca_certfile=self.ad_ldap_cer)
+			self.lo_ad=univention.uldap.access(host=self.ad_ldap_host, port=int(self.ad_ldap_port), base='', binddn=None, bindpw=None, start_tls=tls_mode, use_ldaps = ldaps, ca_certfile=self.ad_ldap_certificate)
 			self.ad_ldap_base = self.lo_ad.lo.search_ext_s('', ldap.SCOPE_BASE,
 									'objectclass=*', ['defaultNamingContext'],
 									timeout=-1, sizelimit=0)[0][1]['defaultNamingContext'][0]
@@ -707,7 +767,6 @@
 		except Exception:
 			ud.debug(ud.LDAP, ud.ERROR, 'Failed to lookup AD LDAP base, using UCR value.')
 
-		ldaps = self.baseConfig.is_true('%s/ad/ldap/ldaps' % self.CONFIGBASENAME, False) # tls or ssl
 
 		if self.baseConfig.is_true('%s/ad/ldap/kerberos' % self.CONFIGBASENAME):
 			os.environ['KRB5CCNAME']='/var/cache/univention-ad-connector/krb5.cc'