diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index bad84ef..fd608e1 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -2077,6 +2077,23 @@ void LDAPManager::writeCronFiles() {
 system(CRON_UPDATE_NSS_COMMAND);
 }
+void LDAPManager::writePrimaryRealmCertificateUpdateCronFile() {
+ TQFile file(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE);
+ if (file.open(IO_WriteOnly)) {
+ TQTextStream stream( &file );
+
+ stream << "# This file was automatically generated by TDE\n";
+ stream << "# All changes will be lost!\n";
+ stream << "\n";
+ stream << "#!/bin/sh" << "\n";
+ stream << CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_COMMAND << "\n";
+
+ file.close();
+ }
+
+ system(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_COMMAND);
+}
+
 LDAPRealmConfigList LDAPManager::readTDERealmList(KSimpleConfig* config, bool disableAllBonds) {
 LDAPRealmConfigList realms;
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index 1e7fb23..35d3c27 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -31,6 +31,10 @@
 #include
+// FIXME
+// Connect this to CMake/Automake
+#define TDE_BINDIR "/opt/trinity/bin"
+
 #define TDE_CERTIFICATE_DIR "/etc/trinity/ldap/tde-ca/"
 #define KERBEROS_PKI_ANCHORDIR "/etc/trinity/ldap/tde-ca/anchors/"
 #define KERBEROS_PKI_PRIVATEDIR "/etc/trinity/ldap/tde-ca/private/"
@@ -50,6 +54,9 @@
 #define DEFAULT_IGNORED_USERS_LIST "avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,news,ntp,polkituser,postfix,proxy,pulse,root,rtkit,saned,sshd,statd,sync,sys,syslog,timidity,usbmux,uucp,www-data"
+#define CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE "/etc/cron.daily/tde-upd-pri-rlm-certs"
+#define CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_COMMAND TDE_BINDIR "/primaryrccertupdater"
+
 // Values from hdb.asn1
 enum LDAPKRB5Flags {
 KRB5_INITIAL = 0x00000001,
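Review bot: The `#!/bin/sh` line in writePrimaryRealmCertificateUpdateCronFile() is written after two comment lines and a blank line, so it is not the first line of the generated cron.daily script and the kernel will not treat it as an interpreter line; whether the job runs then depends on the cron runner falling back to a shell. Nothing visible in the hunk sets the new file's mode or marks it executable, a failed `file.open()` is skipped silently, and the exit status of `system()` is discarded, so a daily job that never installs or never succeeds goes unnoticed until certificates expire. I would write the interpreter line first, set the mode explicitly once the file is closed, and check each result, as sketched below; `chmod()` needs `<sys/stat.h>` if the file does not already include it.

```cpp
	// … unchanged: TQFile construction …
	if (file.open(IO_WriteOnly)) {
		TQTextStream stream( &file );

		// The interpreter line only counts when it is the first line of the file
		stream << "#!/bin/sh" << "\n";
		// … unchanged: generated-file comment lines, updater command line, file.close() …

		// cron.daily entries run as root: writable by the owner only, executable for the runner
		if (chmod(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) != 0) {
			// report through the project's usual error path
		}
	}
	else {
		// report that the daily job was not installed
	}

	if (system(CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_COMMAND) != 0) {
		// report that the immediate certificate update failed
	}
```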
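Review bot: `TDE_BINDIR` is defined unconditionally in a header that other code includes, so a build that later supplies the real install prefix (the stated goal of the FIXME) either hits a macro redefinition or silently keeps `/opt/trinity/bin`. The value matters more than an ordinary path constant because the other hunks of this commit put it into a cron.daily script and a `system()` call; on an installation with a different prefix that points a privileged job at a location the package does not own. Wrapping it as `#ifndef TDE_BINDIR` / `#define TDE_BINDIR "/opt/trinity/bin"` / `#endif` lets the build system override it without editing the header.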
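Review bot: These two macros carry constraints that are not written down anywhere in the hunk. The file name has to stay within what the cron.daily runner accepts (Debian's run-parts, for instance, skips names containing a dot), and the command is built by string-literal concatenation and passed to `system()`, so `TDE_BINDIR` must be an absolute path with no trailing slash, spaces or shell metacharacters. I would add a comment above them such as `// Run by cron.daily and via system(): keep the file name run-parts-safe and the command an absolute path free of shell metacharacters`.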
@@ -369,6 +376,7 @@ class LDAPManager : public TQObject {
 int setPasswordForUser(LDAPUserInfo user, TQString *errstr);
 static void writeCronFiles();
+ static void writePrimaryRealmCertificateUpdateCronFile();
 static TQString getMachineFQDN();
 static void writeLDAPConfFile(LDAPRealmConfig realmcfg);
 static void writeTDERealmList(LDAPRealmConfigList realms, KSimpleConfig* config);
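Review bot: The new declaration carries no comment, and its name hides that the function also runs the updater immediately through `system()` in addition to writing the cron file, as the .cpp hunk of this commit shows. A line above it such as `// Installs the daily primary-realm certificate update job under cron.daily and runs the updater once right away; reports no failure to the caller` would make that side effect visible; writing under /etc presumably also requires root, which is worth stating if so. The class body starts and ends outside this hunk.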