diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8adfa15..7718a73 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -54,6 +54,10 @@
   - add flag create to trigger creating or not creating the module resources
   - ignore boc:tf_module_version tag in lifecycle change
 
+* 1.4.1 -- 2023-10-06
+  - change ldap.e.tco default to ldap2.e.tco
+  - add -p to mkdir
+
 ## version 2.x
 
 branch: compat-tf-0.13
diff --git a/README.md b/README.md
index cbe21b2..d201074 100644
--- a/README.md
+++ b/README.md
@@ -57,7 +57,7 @@ module "myrole1" {
 
   # optional
   max_session_duration       = 14400 # 4h
-  ldap_host                  = "ldap.e.tco.census.gov"
+  ldap_host                  = "ldap2.e.tco.census.gov"
   ldap_port                  = 389
 }
 ```
@@ -149,7 +149,7 @@ No modules.
 | <a name="input_enable_ldap_creation"></a> [enable\_ldap\_creation](#input\_enable\_ldap\_creation) | Flag to enable/disable LDAP object creation for role group (for SAML only). Also requires LDAP credentials. | `bool` | `false` | no |
 | <a name="input_inline_policies"></a> [inline\_policies](#input\_inline\_policies) | List of IAM Policy Document objects to include in this role. Format is {name=name,policy=policy-json} | `list(object({ name = string, policy = string }))` | `[]` | no |
 | <a name="input_instance_profile_path"></a> [instance\_profile\_path](#input\_instance\_profile\_path) | Instance profile path | `string` | `"/"` | no |
-| <a name="input_ldap_host"></a> [ldap\_host](#input\_ldap\_host) | LDAP Hostname (default is for eBOCAS) | `string` | `"ldap.e.tco.census.gov"` | no |
+| <a name="input_ldap_host"></a> [ldap\_host](#input\_ldap\_host) | LDAP Hostname (default is for eBOCAS) | `string` | `"ldap2.e.tco.census.gov"` | no |
 | <a name="input_ldap_password"></a> [ldap\_password](#input\_ldap\_password) | LDAP password for ldap\_user for writing data into eDirectory or Active Directory | `string` | `""` | no |
 | <a name="input_ldap_port"></a> [ldap\_port](#input\_ldap\_port) | LDAP port (default is 389 but also using STARTTLS) | `number` | `389` | no |
 | <a name="input_ldap_user"></a> [ldap\_user](#input\_ldap\_user) | LDAP user for writing data into eDirectory or Active Directory | `string` | `""` | no |
diff --git a/main.tf b/main.tf
index 6f1cd8c..b6484f5 100644
--- a/main.tf
+++ b/main.tf
@@ -58,7 +58,7 @@
 * 
 *   # optional
 *   max_session_duration       = 14400 # 4h
-*   ldap_host                  = "ldap.e.tco.census.gov"
+*   ldap_host                  = "ldap2.e.tco.census.gov"
 *   ldap_port                  = 389
 * }
 * ```
@@ -199,7 +199,7 @@ resource "null_resource" "role_ldif" {
   }
 
   provisioner "local-exec" {
-    command = "test -d ${path.root}/setup || mkdir ${path.root}/setup"
+    command = "test -d ${path.root}/setup || mkdir -p ${path.root}/setup"
   }
   provisioner "local-exec" {
     command = "echo '${data.template_file.role[0].rendered}' > ${path.root}/setup/${local.role_name}.ldif"
diff --git a/variables.ldap.tf b/variables.ldap.tf
index 5b7f231..a00fc6c 100644
--- a/variables.ldap.tf
+++ b/variables.ldap.tf
@@ -16,7 +16,7 @@ variable "ldap_password" {
 variable "ldap_host" {
   description = "LDAP Hostname (default is for eBOCAS)"
   type        = string
-  default     = "ldap.e.tco.census.gov"
+  default     = "ldap2.e.tco.census.gov"
 }
 
 variable "ldap_port" {
diff --git a/version.tf b/version.tf
index d36f45e..7a2122f 100644
--- a/version.tf
+++ b/version.tf
@@ -1,4 +1,4 @@
 locals {
-  _module_version = "1.4.0"
+  _module_version = "1.4.1"
   #  _module_version = "2.2.0"
 }