--- /usr/share/pyshared/univention/connector/ad/__init__.py.orig	2016-12-20 13:58:52.043250368 +0100
+++ /usr/share/pyshared/univention/connector/ad/__init__.py	2016-12-20 14:01:41.631100725 +0100
@@ -907,14 +907,16 @@
 			tls_mode = 0
 
 		# Determine ad_ldap_base with exact case
+		ldaps = self.baseConfig.is_true('%s/ad/ldap/ldaps' % self.CONFIGBASENAME, False) # tls or ssl
 		try:
-			self.lo_ad = univention.uldap.access(host=self.ad_ldap_host, port=int(self.ad_ldap_port), base='', binddn=None, bindpw=None, start_tls=tls_mode, use_ldaps=ldaps, ca_certfile=self.ad_ldap_cer)
+			self.lo_ad=univention.uldap.access(host=self.ad_ldap_host, port=int(self.ad_ldap_port), base='', binddn=None, bindpw=None, start_tls=tls_mode, use_ldaps = ldaps, ca_certfile=self.ad_ldap_certificate)
+ 			self.ad_ldap_base = self.lo_ad.lo.search_ext_s('', ldap.SCOPE_BASE,
+ 									'objectclass=*', ['defaultNamingContext'],
+ 									timeout=-1, sizelimit=0)[0][1]['defaultNamingContext'][0]
 			self.ad_ldap_base = self.lo_ad.lo.search_ext_s('', ldap.SCOPE_BASE, 'objectclass=*', ['defaultNamingContext'], timeout=-1, sizelimit=0)[0][1]['defaultNamingContext'][0]
 		except Exception:
 			ud.debug(ud.LDAP, ud.ERROR, 'Failed to lookup AD LDAP base, using UCR value.')
 
-		ldaps = self.baseConfig.is_true('%s/ad/ldap/ldaps' % self.CONFIGBASENAME, False)  # tls or ssl
-
 		if self.baseConfig.is_true('%s/ad/ldap/kerberos' % self.CONFIGBASENAME):
 			os.environ['KRB5CCNAME'] = '/var/cache/univention-ad-connector/krb5.cc'
 			self.get_kerberos_ticket()