diff --git a/roles/ldap/handlers/main.yml b/roles/ldap/handlers/main.yml
new file mode 100644
index 0000000..1ae22c4
--- /dev/null
+++ b/roles/ldap/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+ - name: restart nslcd
+ service: name=nslcd enabled=yes state=restarted
diff --git a/roles/ldap/tasks/ldap.yml b/roles/ldap/tasks/ldap.yml
new file mode 100644
index 0000000..297d0d4
--- /dev/null
+++ b/roles/ldap/tasks/ldap.yml
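Review bot: As shown, `- name: restart nslcd` and `service: …` sit at what looks like the same indentation (the diff's whitespace may have been collapsed in transit), which would make `service` a sibling of the list item instead of a key inside it; worth confirming the file parses as a one-item handler list. Independently of that, `service: name=nslcd enabled=yes state=restarted` uses key=value module arguments and the truthy `yes`; the block form with `enabled: true` is what ansible-lint expects and sidesteps the YAML 1.1 boolean ambiguity. The same key=value style appears in the package, template and service tasks of roles/ldap/tasks/ldap.yml.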
@@ -0,0 +1,56 @@
+---
+- name: ldap - install
+ package: name={{ item }}
+ with_items:
+ - nss-pam-ldapd
+
+- name: ldap - /etc/nsswitch.conf
+ template: dest=/etc/nsswitch.conf src=nsswitch.conf.j2 owner=root group=root mode=0644
+
+- name: ldap - /etc/nslcd.conf
+ template: dest=/etc/nslcd.conf src=nslcd.conf.j2 owner=root group=nslcd mode=0640
+ notify: restart nslcd
+
+- name: ldap - start nslcd
+ service: name=nslcd enabled=yes state=started
+
+- name: ldap - PAM
+ pamd:
+ name: "{{ item.name }}"
+ type: "{{ item.type }}"
+ new_type: "{{ item.type }}"
+ control: required
+ new_control: "{{ item.control }}"
+ module_path: pam_unix.so
+ new_module_path: "{{ item.module_path }}"
+ module_arguments: "{{ item.module_arguments }}"
+ state: "{{ item.state }}"
+ with_items:
+ - { name: system-auth, type: auth, control: sufficient, module_path: pam_ldap.so, module_arguments: minimum_uid=1000, state: before }
+ - { name: system-auth, type: account, control: sufficient, module_path: pam_ldap.so, module_arguments: minimum_uid=1000, state: before }
+ - { name: system-auth, type: password, control: sufficient, module_path: pam_ldap.so, module_arguments: minimum_uid=1000, state: before }
+ - { name: system-auth, type: session, control: optional, module_path: pam_ldap.so, module_arguments: minimum_uid=1000, state: after }
+
+- name: ldap - enable passwd change
+ lineinfile:
+ dest: /etc/pam.d/passwd
+ line: "password sufficient pam_ldap.so"
+ insertbefore: "^password"
+ firstmatch: yes
+ state: present
+
+- name: ldap - sudoers ensure includedir
+ lineinfile:
+ dest: /etc/sudoers
+ line: "#includedir /etc/sudoers.d"
+ state: present
+ validate: "/usr/sbin/visudo -cf %s"
+
+- name: sudoers - create
+ copy:
+ content: "%admin ALL=(ALL) ALL"
+ dest: "/etc/sudoers.d/admin"
+ mode: 0440
+ owner: root
+ group: root
+ validate: "/usr/sbin/visudo -cf %s"
diff --git a/roles/ldap/templates/nslcd.conf.j2 b/roles/ldap/templates/nslcd.conf.j2
new file mode 100644
index 0000000..9ed4457
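Review bot: The `sudoers - create` task grants `%admin ALL=(ALL) ALL`, and since nsswitch.conf.j2 in this same commit resolves `group: files ldap`, membership of a directory group named `admin` becomes an unconditional root grant on every host the role touches; the task (or the role README) should say so explicitly, and the trust placed in that group should match how tightly write access to it is controlled in the directory. pam_ldap gets `minimum_uid=1000`, which keeps directory entries from shadowing system accounts on the PAM side, but nothing equivalent is set on the NSS side (nslcd's `nss_min_uid` option would mirror it). In the `ldap - PAM` task every rule is anchored on `control: required` plus `module_path: pam_unix.so`; if the target distribution's system-auth uses a different control word for pam_unix.so, the pamd module finds no anchor and inserts nothing, so a follow-up check that the rendered /etc/pam.d/system-auth actually contains pam_ldap.so would make that failure visible rather than silent. Style: `firstmatch: yes`, `enabled=yes` and `mode: 0440` should be `firstmatch: true`, `enabled: true` and `mode: "0440"`, and the key=value module arguments in the first four tasks should be block YAML.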
--- /dev/null
+++ b/roles/ldap/templates/nslcd.conf.j2
@@ -0,0 +1,9 @@
+# {{ ansible_managed }}
+
+# See the manual page nslcd.conf(5) for more information.
+
+uid nslcd
+gid nslcd
+
+uri ldap://gagarin.fet.htu.tuwien.ac.at/
+base dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at
diff --git a/roles/ldap/templates/nsswitch.conf.j2 b/roles/ldap/templates/nsswitch.conf.j2
new file mode 100644
index 0000000..8972846
--- /dev/null
+++ b/roles/ldap/templates/nsswitch.conf.j2
@@ -0,0 +1,17 @@
+# {{ ansible_managed }}
+
+# /etc/nsswitch.conf
+#
+# See nsswitch.conf(5) for information.
+#
+passwd: files ldap
+group: files ldap
+shadow: files ldap
+
+hosts: files mdns mdns4_minimal mdns4 myhostname dns
+networks: files
+
+protocols: files
+services: files
+ethers: files
+rpc: files
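Review bot: `uri ldap://gagarin.fet.htu.tuwien.ac.at/` is a plaintext connection with no `ssl`, `tls_reqcert` or `tls_cacertfile` directive, and tasks/ldap.yml in this commit makes pam_ldap.so `sufficient` for auth and password, so user passwords travel to the directory unencrypted and the server is never authenticated; nslcd should be told to use StartTLS (or an `ldaps://` URI) and to verify the server certificate against a known CA. Because the hosts line in nsswitch.conf.j2 consults mDNS before DNS, the server name itself may be answerable by another host on the local segment, which makes certificate verification rather than just encryption the part that matters. Adding `nss_min_uid 1000` here would also align NSS lookups with the `minimum_uid=1000` the PAM rules use. The CA path in the excerpt is a placeholder to be replaced with the role's actual certificate location.
```jinja
# … unchanged: ansible_managed header, uid/gid …
uri ldap://gagarin.fet.htu.tuwien.ac.at/
base dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at
ssl start_tls
tls_reqcert demand
# placeholder: CA certificate that issued the directory server's certificate
tls_cacertfile /etc/ssl/certs/ldap-ca.crt
nss_min_uid 1000
```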
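Review bot: `hosts: files mdns mdns4_minimal mdns4 myhostname dns` consults the full `mdns`/`mdns4` sources ahead of `dns` and has no `[NOTFOUND=return]` after `mdns4_minimal`; depending on the nss-mdns version and whether /etc/mdns.allow exists, that can let any host on the local multicast segment answer for arbitrary names, including the LDAP server's, before DNS is asked. The common shape is `hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname`, which confines multicast resolution to `.local` names. `shadow: files ldap` is only needed if something on the host reads shadow data through NSS; with pam_ldap doing bind-based authentication it can usually stay `shadow: files`, which avoids exposing shadow attributes through nslcd at all. Either way, a one-line comment above `hosts:` explaining the chosen order would help the next reader.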