diff --git a/ldap/manifests/init.pp b/ldap/manifests/init.pp
new file mode 100644
index 0000000..ae287c9
--- /dev/null
+++ b/ldap/manifests/init.pp
@@ -0,0 +1,25 @@
+
+
+class ldap::client {
+
+ package { "openldap-client":
+ name => $operatingsystem ? {
+ openbsd => "openldap-client",
+ default => "openldap-clients",
+ },
+ ensure => installed,
+ }
+
+ file { "/etc/openldap/ldap.conf":
+ ensure => present,
+ content => template("ldap/ldap.conf.erb"),
+ mode => 0644,
+ owner => root,
+ group => $operatingsystem ? {
+ openbsd => wheel,
+ default => root,
+ },
+ require => Package["openldap-client"],
+ }
+
+}
diff --git a/ldap/templates/ldap.conf.erb b/ldap/templates/ldap.conf.erb
new file mode 100644
index 0000000..b43acc7
--- /dev/null
+++ b/ldap/templates/ldap.conf.erb
@@ -0,0 +1,10 @@
+#
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+BASE <%= ldap_basedn %>
+URI <% ldap_server.each do |uri| %><%= uri %> <% end %>
+TLS_REQCERT allow
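Review bot: In ldap/manifests/init.pp, `mode => 0644` on the `/etc/openldap/ldap.conf` resource is a bare number; Puppet 4 and later require the file mode to be a string and reject this form, so it should read `mode => '0644',`. The class also declares no parameters, yet the template it renders reads `ldap_basedn` and `ldap_server`, which are presumably resolved from an enclosing or global scope. Declaring them as class parameters would make it explicit which code decides the directory servers every client will trust.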
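Review bot: In ldap/templates/ldap.conf.erb, `TLS_REQCERT allow` lets the session proceed when the server presents no certificate or one that fails verification, so TLS gives clients no assurance that they are talking to the real directory server. Hosts that use this file for lookups or binds should get `TLS_REQCERT demand` together with a `TLS_CACERT <path-to-ca-bundle>` line naming the CA that signs the LDAP servers. The `URI` line emits whatever scheme each `ldap_server` entry carries, so plain `ldap://` entries would leave it to each client to request StartTLS; a comment stating that entries are expected to be `ldaps://` would help. `ldap_server.each` also assumes an array, so a single string value would presumably fail on Ruby 1.9 or later.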