diff --git a/roles/common/tasks/Debian.yml b/roles/common/tasks/Debian.yml
index 8d2ba3c..e33c149 100644
--- a/roles/common/tasks/Debian.yml
+++ b/roles/common/tasks/Debian.yml
@@ -38,5 +38,8 @@ - name: Create LDAP certificate directory file: path=/etc/ldap/ssl state=directory +- name: Create LDAP client config + template: src=ldap.conf.j2 dest=/etc/ldap/ldap.conf mode=0644 + - name: Copy LDAP certificate copy: src=BKCA.crt dest=/etc/ldap/ssl/BKCA.crt mode=0444
diff --git a/roles/common/templates/ldap.conf.j2 b/roles/common/templates/ldap.conf.j2
new file mode 100644
index 0000000..4622f5a
--- /dev/null
+++ b/roles/common/templates/ldap.conf.j2
@@ -0,0 +1,17 @@
+#
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+BASE {{ ldap_base }}
+URI {{ ldap_uri }}
+
+#SIZELIMIT 12
+#TIMELIMIT 15
+#DEREF never
+
+# TLS certificates (needed for GnuTLS)
+TLS_CACERT /etc/ldap/ssl/BKCA.crt
+
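Review bot: The new `Create LDAP client config` task sets `mode=0644` but no owner or group, so ownership of /etc/ldap/ldap.conf depends on whichever user the play connects or escalates as. The template's own comment requires the file to be world readable but not world writable, so pin it: `template: src=ldap.conf.j2 dest=/etc/ldap/ldap.conf owner=root group=root mode=0644`. The task also runs before `Copy LDAP certificate`, so a run that stops between the two leaves `TLS_CACERT` pointing at a file that is not there yet; placing the task after the copy closes that window.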
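Review bot: The template sets `TLS_CACERT` but never states the verification policy, and `URI {{ ldap_uri }}` accepts any scheme, so nothing on the new lines guarantees that clients use or verify TLS. Add `TLS_REQCERT demand` under the `TLS_CACERT` line so the requirement is explicit in the managed file rather than left to the library default. Also add a comment such as `# ldap_uri must be an ldaps:// URI; with ldap:// the CA below only matters if the client requests StartTLS`. The definitions of `ldap_base` and `ldap_uri` are not part of this diff, so whether the URI is already ldaps:// cannot be checked from here.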