Thanks Paul and Gordon for your reply. I'm not sure, but I think the problem is setting up ldap+TLS while the certificates are not uploaded on the server. So I decide to setup LDAP in a "post" section only, adding the "--enablesssd --enablesssdauth" options suggested by Gordon too. in the kickstart file: *auth --useshadow --passalgo=sha512 * in a post section: # LDAP setup *authconfig --enableldap --enableldapauth --enablesssd --enablesssdauth --ldapserver="ldaps://my.ldap.server" --ldapbasedn=dc=my,dc=local,dc=dn --update** *# Certificat Upload *cd /etc/openldap/cacerts/ && wget http://xxx.xxx.xxx.xxx/Softwares7/LDAPCERTS/ca-bundle.crt** *# server public key upload *cd /etc/openldap/cacerts/ && wget http://xxx.xxx.xxx.xxx/Softwares7/LDAPCERTS/server.crt** *cd / # TLS setup *authconfig --enableldaptls --update** * And this works fine. Certificat bundle seams to be accepted (I've also tryed to split the file, no change) and the last command builds the hashes of the certificates too. My last problem is that firstboot --disabled don't seams to work in my config but... Thanks for your helpfull suggestions about sssd and certificates. Patrick -- =================================================================== | Equipe M.O.S.T. | | | Patrick BEGOU | mailto:Patrick.Begou at grenoble-inp.fr | | LEGI | | | BP 53 X | Tel 04 76 82 51 35 | | 38041 GRENOBLE CEDEX | Fax 04 76 82 52 71 | ===================================================================