some fixes to the certificates to allow the role to be resued and removing a default value for the ldap domain