We could try and read /etc/ldap/ldap.conf if it exists and then read keystone.conf as a backup. But that could confuse admins. Maybe if the value of 'tls_cacertfile' is set to 'system' we parse the /etc/ldap/ldap.conf, otherwise we use the file specified by tls_cacertfile.
Thoughts?
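
A sketch of the 'system' sentinel proposed in the comment above, added here as an example and not taken from Keystone or from the commenter. The function names are hypothetical, `TLS_CACERT` is the option documented in ldap.conf(5), and two behaviours are assumptions of this sketch: the last `TLS_CACERT` line wins, and a missing entry raises an error rather than silently continuing without a CA file.

```python
SYSTEM_SENTINEL = "system"          # sentinel value proposed in the comment
LDAP_CONF = "/etc/ldap/ldap.conf"   # path named in the comment

# Constructed sample input, not taken from a real host.
SAMPLE_LDAP_CONF = """\
# system-wide LDAP client defaults
BASE    dc=example,dc=org
URI     ldaps://ldap.example.org
tls_cacert\t/etc/ssl/certs/ca-certificates.crt
"""


def parse_ldap_conf(text):
    """Parse ldap.conf(5) text into {OPTION: value}.

    Option names are case-insensitive, so keys are upper-cased.
    Blank lines and lines starting with '#' are ignored.
    """
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)      # option name, then the rest of the line
        if len(parts) == 2:
            options[parts[0].upper()] = parts[1].strip()  # assumption: last wins
    return options


def resolve_cacertfile(tls_cacertfile, ldap_conf_text=None, conf_path=LDAP_CONF):
    """Return the CA bundle path to use for LDAP TLS.

    Any value other than 'system' is returned unchanged, so an explicit
    path in keystone.conf always takes precedence and is never overridden.
    """
    if tls_cacertfile != SYSTEM_SENTINEL:
        return tls_cacertfile
    if ldap_conf_text is None:
        # A missing ldap.conf raises here instead of being ignored.
        with open(conf_path) as fh:
            ldap_conf_text = fh.read()
    cacert = parse_ldap_conf(ldap_conf_text).get("TLS_CACERT")
    if not cacert:
        raise ValueError("tls_cacertfile=system but %s has no TLS_CACERT" % conf_path)
    return cacert
```

Because only the literal value 'system' triggers the ldap.conf lookup, an admin can tell from keystone.conf alone which file is the source of the CA bundle.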