diff --git a/src/Makefile.am b/src/Makefile.am index 90c6ea3..0242555 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -5,7 +5,7 @@ METASOURCES = AUTO kde_module_LTLIBRARIES = kcm_ldap.la kcm_ldap_la_SOURCES = ldapbonding.cpp ldapconfigbase.ui realmpropertiesdialog.cpp bondintropage.cpp bondintropagedlg.ui bondrealmpage.cpp bondrealmpagedlg.ui bondfinishpage.cpp bondfinishpagedlg.ui bondwizard.cpp ldappasswddlg.cpp -kcm_ldap_la_LIBADD = -lkio $(LIB_TDEUI) +kcm_ldap_la_LIBADD = -lkio $(LIB_TDEUI) -ltdeldap kcm_ldap_la_LDFLAGS = -avoid-version -module -no-undefined \ $(all_libraries) diff --git a/src/ldapbonding.cpp b/src/ldapbonding.cpp index d0d5346..4d939b3 100644 --- a/src/ldapbonding.cpp +++ b/src/ldapbonding.cpp @@ -54,7 +54,6 @@ #define PAMD_DIRECTORY "/etc/pam.d/" #define PAMD_COMMON_ACCOUNT "common-account" #define PAMD_COMMON_AUTH "common-auth" -#define CRON_UPDATE_NSS_FILE "/etc/cron.daily/upd-local-nss-db" typedef KGenericFactory ldapFactory; @@ -243,6 +242,8 @@ void LDAPConfig::defaults() { } void LDAPConfig::save() { + TQString errorstring; + // Write system configuration systemconfig->setGroup(NULL); systemconfig->writeEntry("EnableLDAP", base->systemEnableSupport->isChecked()); 
@@ -285,9 +286,24 @@ void LDAPConfig::save() {
 // Write the PAM configuration files
 writePAMFiles();
 // Write the cron files
- writeCronFiles();
- // RAJA FIXME
- // Update the SUDOERS file with the domain-wide computer local admin group!
+ LDAPManager::writeCronFiles();
+
+ // Bind anonymously to LDAP
+ LDAPCredentials* credentials = new LDAPCredentials;
+ credentials->username = "";
+ credentials->password = "";
+ credentials->realm = m_defaultRealm.upper();
+ LDAPManager* ldap_mgr = new LDAPManager(m_defaultRealm.upper(), "ldap://", credentials);
+
+ // Add the domain-wide computer local admin group to local sudoers
+ ldap_mgr->writeSudoersConfFile(&errorstring);
+ // Get and install the CA root certificate from LDAP
+ mkdir(TDE_CERTIFICATE_DIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+ mkdir(KERBEROS_PKI_PUBLICDIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+ ldap_mgr->getTDECertificate("publicRootCertificate", KERBEROS_PKI_PUBLICDIR + m_realms[m_defaultRealm].admin_server + ".ldap.crt", &errorstring);
+
+ delete ldap_mgr;
+ delete credentials;
 }
 load();
@@ -664,21 +680,6 @@ void LDAPConfig::writePAMFiles() {
 }
 }
-void LDAPConfig::writeCronFiles() {
- TQFile file(CRON_UPDATE_NSS_FILE);
- if (file.open(IO_WriteOnly)) {
- TQTextStream stream( &file );
-
- stream << "# This file was automatically generated by TDE\n";
- stream << "# All changes will be lost!\n";
- stream << "\n";
- stream << "#!/bin/sh" << "\n";
- stream << "/usr/sbin/nss_updatedb ldap" << "\n";
-
- file.close();
- }
-}
-
 int LDAPConfig::buttons() {
 return KCModule::Apply|KCModule::Help;
 }
diff --git a/src/ldapbonding.h b/src/ldapbonding.h
index ebe4973..7a86edd 100644
--- a/src/ldapbonding.h
+++ b/src/ldapbonding.h
@@ -72,7 +72,6 @@ class LDAPConfig: public KCModule
 void writeLDAPConfFile();
 void writeNSSwitchFile();
 void writePAMFiles();
- void writeCronFiles();
 private:
 KAboutData *myAboutData;
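Review bot: In the save() hunk of src/ldapbonding.cpp (`@@ -285,9 +286,24 @@`), the results of `writeSudoersConfFile()`, `getTDECertificate()` and both `mkdir()` calls are dropped, and `errorstring` is filled but never read in the visible lines, so a failed or partial fetch goes unreported. That matters more than usual here because the data comes from an anonymous bind over a bare `ldap://` URL: whatever answers that query supplies the local sudoers group and the root CA file written under `KERBEROS_PKI_PUBLICDIR`, and nothing visible authenticates it. I would check each step and stop on failure, for example `if (!errorstring.isEmpty()) { /* report to the user, skip the remaining steps */ }` (adjusted to however these calls signal errors), and add a comment stating how the first certificate retrieval is meant to be trusted. `admin_server` is also concatenated into the output path unchecked, presumably from realm configuration, so it seems worth rejecting values that contain a path separator. save() begins and ends outside this hunk.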