diff --git a/group_vars/ldap.yaml b/group_vars/ldap.yaml
new file mode 100644
index 0000000..53187b1
--- /dev/null
+++ b/group_vars/ldap.yaml
@@ -0,0 +1,4 @@
+---
+
+group_nft_input:
+  - "tcp dport { ldap, ldaps } accept # Allow LDAP traffic"
diff --git a/roles/389-ldap/tasks/main.yaml b/roles/389-ldap/tasks/main.yaml
new file mode 100644
index 0000000..eaf4383
--- /dev/null
+++ b/roles/389-ldap/tasks/main.yaml
@@ -0,0 +1,9 @@
+---
+
+- name: Install packages
+  ansible.builtin.apt:
+    state: present
+    pkg:
+      - 389-ds-base
+      - shelldap
+