diff --git a/roles/saslauthd/defaults/main.yml b/roles/saslauthd/defaults/main.yml
new file mode 100644
index 0000000..4a956e7
--- /dev/null
+++ b/roles/saslauthd/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+saslauthd_mech: pam
diff --git a/roles/saslauthd/handlers/main.yml b/roles/saslauthd/handlers/main.yml
new file mode 100644
index 0000000..6e11feb
--- /dev/null
+++ b/roles/saslauthd/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: restart saslauthd
+  service:
+    name: saslauthd
+    state: restarted
diff --git a/roles/saslauthd/tasks/main.yml b/roles/saslauthd/tasks/main.yml
new file mode 100644
index 0000000..33bf0c2
--- /dev/null
+++ b/roles/saslauthd/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+
+- name: install packages
+  package:
+    name: cyrus-sasl
+    state: installed
+
+- block:
+    - name: set saslauthd to use ldap
+      lineinfile:
+        path: /etc/sysconfig/saslauthd
+        line: MECH=ldap
+        regexp: "^MECH=.*"
+      notify: restart saslauthd
+    - name: create saslauthd.conf
+      template:
+        dest: /etc/saslauthd.conf
+        src: saslauthd.conf.j2
+        mode: 0644
+        owner: root
+        group: "{{ ansible_wheel }}"
+      notify: restart saslauthd
+  when: saslauthd_mech == "ldap"
+
+- name: enable saslauthd service
+  service:
+    name: saslauthd
+    state: started
+    enabled: true
diff --git a/roles/saslauthd/templates/saslauthd.conf.j2 b/roles/saslauthd/templates/saslauthd.conf.j2
new file mode 100644
index 0000000..740e768
--- /dev/null
+++ b/roles/saslauthd/templates/saslauthd.conf.j2
@@ -0,0 +1,2 @@
+ldap_servers: {{ ldap_server }}
+ldap_search_base: {{ ldap_basedn }}