[kolla-ansible][keystone]problem using LDAP and TLS
Hello,

With all previous versions, to authenticate users from an Active Directory domain, using an LDAP connector worked without any problem on my labs, with or without using TLS. With TLS the file used is the following:

/etc/kolla/config/keystone/domains/keystone.DOM1.conf

[identity]
driver = ldap

[ldap]
url = ldap://172.16.60.41
user = CN=ldapconnect,OU=openstack,DC=dom1,DC=loc
password = XXXXXXXXXX
suffix = DC=dom1,DC=loc
user_tree_dn = OU=openstack,DC=dom1,DC=loc
user_objectclass = person
user_filter = (|(memberOf=CN=openstack-users,OU=openstack,DC=dom1,DC=loc)(memberOf=CN=openstack-admins,OU=openstack,DC=dom1,DC=loc))
user_id_attribute = sAMAccountName
user_name_attribute = sAMAccountName
user_mail_attribute = mail
user_pass_attribute =
user_enabled_attribute = userAccountControl
user_enabled_mask = 2
user_enabled_default = 512
user_attribute_ignore = password,tenant_id,tenants
group_objectclass = group
group_tree_dn = OU=openstack,DC=dom1,DC=loc
group_filter = (|(CN=openstack-users)(CN=openstack-admins))
group_id_attribute = cn
group_name_attribute = name
query_scope = sub
chase_referrals = false
use_tls = True
tls_certificate = /etc/kolla/certificates/adserv.crt
tls_req_cert = never

I want to see if it works with Dalmatian (to update my lab, which I can't do with the Bobcat and Caracal versions because bugs block me).

Without TLS (use_tls = False), no problem, it works: my AD users can use Horizon and have access to their project.

If I put "use_tls = True" and tls_certificate = /etc/kolla/certificates/adserv.crt .... It doesn't work with Dalmatian, certificate problem. Indeed, the certificate is not copied into the keystone container, so it can't use it.
In the keystone logs (/var/kolla/keystone/keystone.log) there is an error message:

2025-01-15 08:36:04.477 1084 ERROR keystone.server.flask.request_processing.middleware.auth_context OSError: tls_cacertfile /etc/kolla/certificates/adserv.crt not found or is not a file

However, my adserv.crt file has not changed, is valid, and is in the /etc/kolla/certificates directory.

What could have changed with the Dalmatian version? I tried to change parameters, but I can't find the solution. How should I proceed to make it work with TLS? I specify again that it works without TLS, so the problem is really to use this certificate correctly, so to put it in the right place with the right parameter: tls_certificate or a new one?

My lab uses Ubuntu 2204.

Thanks a lot for your help.

Franck VEDEL
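As an added example (not part of the original post and not kolla-ansible or keystone code), this checker reads a keystone domain file and reports the TLS conditions this thread turns on: a CA file path that is not a file where the check runs, certificate verification switched off, and cleartext LDAP. The function name `audit_ldap_tls` and the sample text are constructed; the sample uses the option name `tls_cacertfile` from the logged error, and the check is meant to run in the same filesystem as the keystone process (the container), since that is where the path is resolved.

```python
import configparser
import os

# Constructed sample: the TLS-related settings from the post, with the CA
# path under the option name that appears in the logged error.
SAMPLE = """
[identity]
driver = ldap
[ldap]
url = ldap://172.16.60.41
use_tls = True
tls_cacertfile = /etc/kolla/certificates/adserv.crt
tls_req_cert = never
"""


def audit_ldap_tls(conf_text, isfile=os.path.isfile):
    """Return a list of findings for the [ldap] TLS settings in conf_text.

    isfile is injectable so the path test can be exercised without a real file.
    """
    cp = configparser.ConfigParser(interpolation=None)  # filters may contain '%'
    cp.read_string(conf_text)
    if not cp.has_section("ldap"):
        return ["no [ldap] section"]
    ldap = cp["ldap"]
    findings = []
    ldaps = ldap.get("url", "").lower().startswith("ldaps://")
    use_tls = ldap.getboolean("use_tls", fallback=False)
    if not use_tls and not ldaps:
        findings.append("cleartext LDAP: bind password and user data are unencrypted")
    if use_tls and ldaps:
        findings.append("use_tls (StartTLS) combined with an ldaps:// URL")
    if use_tls or ldaps:
        cafile = ldap.get("tls_cacertfile", "")
        if cafile and not isfile(cafile):
            findings.append(f"tls_cacertfile {cafile} is not a file in this filesystem")
        # keystone's default for tls_req_cert is 'demand'
        if ldap.get("tls_req_cert", "demand").lower() != "demand":
            findings.append("tls_req_cert is not 'demand': server certificate not enforced")
    return findings


if __name__ == "__main__":
    for finding in audit_ldap_tls(SAMPLE):
        print("FINDING:", finding)
```

Run on the host, the path test can pass while the same path is missing inside the container, which is the situation the error message describes.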