diff --git a/roles/ldap/server/templates/slapd.conf.j2 b/roles/ldap/server/templates/slapd.conf.j2
index a01f699..e733c23 100644
--- a/roles/ldap/server/templates/slapd.conf.j2
+++ b/roles/ldap/server/templates/slapd.conf.j2
@@ -98,11 +98,15 @@ authz-regexp
 authz-regexp
   "uid=([^,]\+),cn=gssapi,cn=auth"
   "ldap:///{{ ldap_basedn }}??sub?(&(uid=$1)(objectClass=posixAccount))"
+authz-regexp
+  "uid=([^,]\+),cn=gss-spnego,cn=auth"
+  "ldap:///{{ ldap_basedn }}??sub?(&(uid=$1)(objectClass=posixAccount))"
 
 # require authentication for authenticated users that don't match above
 access to *
   by dn.children="cn=peercred,cn=external,cn=auth" auth
   by dn.children="cn=gssapi,cn=auth" auth
+  by dn.children="cn=gss-spnego,cn=auth" auth
   by anonymous auth
   by * break
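Review bot: The new `authz-regexp` pattern for `cn=gss-spnego` is unanchored and uses the BRE-style escape `\+`, although slapd compiles these patterns as POSIX extended regexes; the documented idiom is `"^uid=([^,]+),cn=gss-spnego,cn=auth$"`, and the same applies to the `cn=gssapi` rule it was copied from. Anchoring is worth having here because the captured value appears to be substituted into the `(uid=$1)` filter of the URI without filter escaping (worth confirming against the slapd version in use), so the pattern should admit only the exact DN shape slapd itself constructs from the SASL authcid. Note also that slapd inserts a `cn=<REALM>` component when the Kerberos principal's realm is not the server's default (`uid=user,cn=REALM,cn=gss-spnego,cn=auth`), so such principals will match neither rule and will fall through the `access to *` stanza via `by * break` with their unmapped SASL DN; if that is intended, a comment such as `# only default-realm principals are mapped to posixAccount entries; other realms keep their raw SASL DN` would make it explicit. The rules that `by * break` falls through to are outside this hunk.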