diff --git a/roles/saslauthd/tasks/main.yml b/roles/saslauthd/tasks/main.yml
index e769f58..a0bab05 100644
--- a/roles/saslauthd/tasks/main.yml
+++ b/roles/saslauthd/tasks/main.yml
@@ -19,7 +19,7 @@ template:
 dest: /etc/saslauthd.conf
 src: saslauthd.conf.j2
-mode: 0644
+mode: 0640
 owner: root
 group: "{{ ansible_wheel }}"
 notify: restart saslauthd
diff --git a/roles/saslauthd/templates/saslauthd.conf.j2 b/roles/saslauthd/templates/saslauthd.conf.j2
index 740e768..e6df18c 100644
--- a/roles/saslauthd/templates/saslauthd.conf.j2
+++ b/roles/saslauthd/templates/saslauthd.conf.j2
@@ -1,2 +1,11 @@
-ldap_servers: {{ ldap_server }}
+ldap_servers: {% for server in ldap_server %}ldaps://{{ server }} {% endfor %}
+
 ldap_search_base: {{ ldap_basedn }}
+
+ldap_tls_check_peer: yes
+ldap_tls_cacert_file: {{ tls_bundle }}
+
+ldap_use_sasl: yes
+ldap_mech: EXTERNAL
+ldap_tls_cert: {{ tls_certs }}/{{ inventory_hostname }}.crt
+ldap_tls_key: {{ tls_private }}/{{ inventory_hostname }}.key
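Review bot: The new `mode: 0640` is an unquoted leading-zero literal; Ansible's file modules accept it, but its value depends on YAML 1.1 octal parsing and ansible-lint flags the form (risky-octal), so write it as a string, `mode: "0640"`. Dropping world-read is a reasonable tightening now that the rendered file names the host's TLS key and certificate paths, even though the config itself carries no secret material. The enclosing `template:` task starts before this hunk, so the task name and any `when` guard are not visible here.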
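Review bot: The loop on the new `ldap_servers:` line iterates `ldap_server`, which the removed line rendered as a single scalar; if any inventory still defines it as a plain string, Jinja iterates its characters and silently emits `ldaps://l ldaps://d …` rather than failing. A filter chain makes the list contract explicit and drops the trailing space the `{% endfor %}` leaves behind: `ldap_servers: {{ ldap_server | map('regex_replace', '^', 'ldaps://') | join(' ') }}`. Enabling `ldap_tls_check_peer: yes` together with `ldap_tls_cacert_file` is the right pairing for the ldaps:// URLs; keep the two lines coupled so the template never renders peer checking without a trust anchor. The `ldap_tls_key` path must be readable by the account saslauthd runs as, which nothing in this role's visible diff establishes — presumably the task that installs the key handles ownership, and a comment there naming that requirement would help.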