diff --git a/roles/common/files/etc/sssd/sssd.conf b/roles/common/files/etc/sssd/sssd.conf
new file mode 100644
index 0000000..fdc372f
--- /dev/null
+++ b/roles/common/files/etc/sssd/sssd.conf
@@ -0,0 +1,10 @@
+[sssd]
+config_file_version = 2
+domains = thunix.net
+
+[domain/thunix.net]
+id_provider = ldap
+auth_provider = ldap
+ldap_uri = ldap://ldap.thunix.net
+cache_credentials = True
+ldap_search_base = dc=thunix,dc=net
diff --git a/roles/common/files/usr/local/share/ca-certificates/ldap.crt b/roles/common/files/usr/local/share/ca-certificates/ldap.crt
new file mode 100644
index 0000000..0352dc7
--- /dev/null
+++ b/roles/common/files/usr/local/share/ca-certificates/ldap.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEBzCCAm+gAwIBAgIUXFXL1Kg7ont5GCGMCsuZiTTIEW8wDQYJKoZIhvcNAQEL
+BQAwGzEZMBcGA1UEAxMQVHVybktleSBPcGVuTERBUDAeFw0yMjA5MjYwMDMzNDVa
+Fw0yMzA5MjYwMDMzNDVaMBsxGTAXBgNVBAMTEFR1cm5LZXkgT3BlbkxEQVAwggGi
+MA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDAxK8sHF0xhs59sL3CQ90zgaxu
+QhJ7EfEyCqog/OjHpEri91G0tFJrinMx8NV/BWyt0lWCDnMYId4m3tMmKflfYw/2
+i0n95YqS+bTFmLKHoNes1r0HVYNVHYdywxT7xldi2x+roUeT6JWk7LllvUyIEeMh
+fgzPSeRG2/iuIyUXNnjVtjguU3Nl7FpFxrF6BVhIq6/XllcaLGbmtnbEajzFDVTw
+G60s3mQd08+gzxkOpZpeGdLw9P6DIlO8k21mwyubpfYNs2o7P8W+1fl6PumM9g0Q
+8WkiYgmMCwa3Z2y+/7wN9A86PCw4VhkBCbMea++1bghkH2sipYPBCi8HK2JMrw/y
+QrWFNrxWeN+OaqxpYfeJhThwrK+EAEoFSGSuUlTDSs++GaeXnqZ8xjPpIDcleuTc
+shSYWFf56oAi43gmqqA2S12ckEGJkC3u87Asy5k/k8JoJMj4oVpkSg/mYqwoz1f1
+lJbyA45LJjnjSLFUpGjCXLyzZbWQ2XPwYxQ+h6sCAwEAAaNDMEEwDwYDVR0TAQH/
+BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBSTbMae1lU8TnNkcqcB
+Xhw0hywp9DANBgkqhkiG9w0BAQsFAAOCAYEAmBL4vDmZQ+jbqWu9V8VDtFr7QAsp
+LoXqg17OiSnoEU/uUQtWW/X/+YWooyzKfn2ze4OQAvFGJmtjm1FIOECpeFHYkf7R
+ud0NDw/mfBQGUZVR6TSqCAyKse6qZTC326vY7mPaZWgv2YpuR0+77J+R6njXh9Sx
+hUrULS9ApAPv43qVbqsyamu8ddqqtzJp5MATKtXUshBrwmt0/ytdztt2aQBFvVIf
+IyB3YbnpXRZpVkkA7OBHpNcI+zRZzL/G1SabIX+IqyKOends0Gyuy20MaYrmHbHh
+Z2DXaK5mQp7TasDNDbCAg+dgRKUCVF3jiScRmZTwXYCoY7egMjqrI6aMMxlhoN4T
+V8SWJKS8MVkSndn3we6fr99AzMepm+4joJKebSAzNDCN6gLhSieyvTGT7xPC/paX
+a5gs/7YMupdOLfZejCagXlwO4NYyZvu8pRErvEXWTiJ0c2c9cjlhWhOJ1E5qpEEZ
+bI8KZ7hjtvRyAW8ynGChFgZ6T3e5ZrBIxP8/
+-----END CERTIFICATE-----
diff --git a/roles/common/handlers/sssd.yml b/roles/common/handlers/sssd.yml
new file mode 100644
index 0000000..40008dc
--- /dev/null
+++ b/roles/common/handlers/sssd.yml
@@ -0,0 +1,4 @@
+---
+- name: SSSD
+  shell: /usr/sbin/systemctl reload sssd
+  shell: /usr/sbin/pam-auth-update --enable mkhomedir