diff --git a/ldap/manifests/init.pp b/ldap/manifests/init.pp
index 4f1e731..45a16b9 100644
--- a/ldap/manifests/init.pp
+++ b/ldap/manifests/init.pp
@@ -436,6 +436,22 @@ class ldap::server {
 notify => Service["slapd"],
 }
 
+ file { "/etc/openldap/cacerts":
+ ensure => directory,
+ mode => "0755",
+ owner => "root",
+ group => "root",
+ require => Package["openldap-server"],
+ }
+ exec { "populate-etc-openldap-cacerts":
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ command => "csplit /etc/openldap/ca-certificates.crt '/BEGIN/' '{*}' ; sh -c 'for i in x* ; do name=`openssl x509 -hash -noout -in \$i`.0 ; openssl x509 -hash -in \$i -out \$name ; done' && rm -f x* .0",
+ cwd => "/etc/openldap/cacerts",
+ onlyif => "find /etc/openldap/cacerts ! -newer /etc/openldap/ca-certificates.crt | egrep '.*' || [ -z \"`ls /etc/openldap/cacerts`\" ]",
+ require => File["/etc/openldap/cacerts"],
+ before => Service["slapd"],
+ }
+
 file { "slapd.conf":
 ensure => present,
 path => "${config}/slapd.conf",
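Review bot: Certificates dropped from `/etc/openldap/ca-certificates.crt` are never removed from `/etc/openldap/cacerts`, because the `command` of `populate-etc-openldap-cacerts` only writes `<hash>.0` files and deletes the `x*` fragments, so a CA withdrawn from the bundle would presumably remain trusted by anything that reads this directory. Such a leftover file also stays older than the bundle, so the `find ... ! -newer` test in `onlyif` would likely match on every run and the exec would never settle. Clearing the old hashed files before the split, for example by starting the command with `rm -f *.0 ;`, would keep the directory in step with the bundle. On the same line, every certificate is written to `<hash>.0`, so two CAs sharing a subject hash overwrite one another, and the `;` after `csplit` lets the loop run even when the split failed (`&&` would stop it). The class and the following `file { "slapd.conf": }` resource continue outside the hunk.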