diff --git a/roles/nslcd/defaults/main.yml b/roles/nslcd/defaults/main.yml
new file mode 100644
index 0000000..a4ed437
--- /dev/null
+++ b/roles/nslcd/defaults/main.yml
@@ -0,0 +1,20 @@
+---
+
+nslcd_config_uid: nslcd
+nslcd_config_gid: nslcd
+
+nslcd_config_ldap_uri: ldaps://127.0.0.1
+nslcd_config_ldap_base: ~
+nslcd_config_ldap_scope: sub
+nslcd_config_ldap_version: 3
+nslcd_config_ldap_bind_dn: ~
+nslcd_config_ldap_bind_pw: ~
+nslcd_config_ldap_root_pw_mod_dn: ~
+nslcd_config_ldap_ssl: on
+nslcd_config_ldap_tls_reqcert: always
+nslcd_config_ldap_tls_cacertfile: /etc/ssl/certs/ca-certificates.crt
+
+nslcd_config_pam_authz_search: >-2
+ (&(objectClass=posixAccount)(uid=$username)(|
+ (host=$hostname)(host=$fqdn)
+ ))
diff --git a/roles/nslcd/tasks/main.yml b/roles/nslcd/tasks/main.yml
new file mode 100644
index 0000000..ebc7f52
--- /dev/null
+++ b/roles/nslcd/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+
+- name: Ensure nslcd is installed
+ apt:
+ name: "{{ nslcd_apt_package_name }}"
+ state: present
+ when: ansible_facts['pkg_mgr'] == 'apt'
+
+- name: Ensure config is templated
+ template:
+ src: nslcd.conf.j2
+ dest: /etc/nslcd.conf
+ owner: root
+ group: root
+ mode: "0640"
+
+- name: Ensure systemd service is enabled
+ systemd:
+ service: "{{ nslcd_systemd_service_name }}"
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: Ensure systemd service is running
+ systemd:
+ service: "{{ nslcd_systemd_service_name }}"
+ state: started
+ when: ansible_facts['service_mgr'] == 'systemd'
diff --git a/roles/nslcd/templates/nslcd.conf.j2 b/roles/nslcd/templates/nslcd.conf.j2
new file mode 100644
index 0000000..65ad41b
--- /dev/null
+++ b/roles/nslcd/templates/nslcd.conf.j2
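Review bot: `nslcd_config_ldap_ssl: on` is read by Ansible's YAML 1.1 loader as the boolean `true`, so the template renders `ssl True`, which is not one of the values nslcd accepts (`on`, `off`, `start_tls`) and will leave the daemon unable to parse its config; quote it, `nslcd_config_ldap_ssl: "on"`, so the literal string reaches the file. The `nslcd_config_pam_authz_search` folded scalar (`>-2`) joins its three lines into one with spaces between the parenthesised filter terms; I have not confirmed that nslcd's filter parser tolerates that whitespace, so a single-line quoted string would be the safer form. The `~` placeholders for base, bind DN, bind password and rootpwmoddn are reasonable defaults, but the bind password should be supplied from a vaulted variable rather than by editing this file, since it ends up in plaintext in /etc/nslcd.conf.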
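Review bot: The "Ensure config is templated" task has no `notify`, so a changed /etc/nslcd.conf never reaches an already-running daemon: the final task only asserts `state: started` and will not restart nslcd with the new file. Add `notify: Restart nslcd` to the template task together with a matching handler that restarts the service (no handlers file is part of this change). `nslcd_apt_package_name` and `nslcd_systemd_service_name` are used here but not defined in defaults/main.yml, and vars/main.yml is added as an empty file (blob e69de29), so unless they are set elsewhere the apt task fails on an undefined variable. Because the rendered file carries `bindpw`, it is also worth adding `no_log: true` to the template task so check/diff runs do not print the password into the play output.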
@@ -0,0 +1,17 @@
+uid {{ nslcd_config_uid }}
+gid {{ nslcd_config_gid }}
+
+uri {{ nslcd_config_ldap_uri }}
+base {{ nslcd_config_ldap_base }}
+binddn {{ nslcd_config_ldap_bind_dn }}
+bindpw {{ nslcd_config_ldap_bind_pw }}
+ldap_version {{ nslcd_config_ldap_version }}
+
+rootpwmoddn {{ nslcd_config_ldap_root_pw_mod_dn }}
+
+ssl {{ nslcd_config_ldap_ssl }}
+tls_reqcert {{ nslcd_config_ldap_tls_reqcert }}
+tls_cacertfile {{ nslcd_config_ldap_tls_cacertfile }}
+
+scope {{ nslcd_config_ldap_scope }}
+pam_authz_search {{ nslcd_config_ldap_pam_authz_search }}
diff --git a/roles/nslcd/vars/main.yml b/roles/nslcd/vars/main.yml
new file mode 100644
index 0000000..e69de29
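Review bot: The last line, `pam_authz_search {{ nslcd_config_ldap_pam_authz_search }}`, references a variable that is never defined — defaults/main.yml defines `nslcd_config_pam_authz_search` (without `_ldap_`) — so the template task fails on an undefined variable before any file is written. Separately, the `~` defaults for base, bind DN, bind password and rootpwmoddn render as the literal string `None`, handing nslcd `base None` and `binddn None` / `bindpw None` instead of leaving those options unset; those lines should be emitted only when the variable is set, with `binddn` and `bindpw` emitted together so an intended anonymous bind is never turned into a bind with an empty password. The rewrite below guards those lines and fixes the variable name.
```jinja
{# … unchanged: uid / gid … #}
uri {{ nslcd_config_ldap_uri }}
{% if nslcd_config_ldap_base %}
base {{ nslcd_config_ldap_base }}
{% endif %}
{% if nslcd_config_ldap_bind_dn %}
binddn {{ nslcd_config_ldap_bind_dn }}
bindpw {{ nslcd_config_ldap_bind_pw }}
{% endif %}
ldap_version {{ nslcd_config_ldap_version }}

{% if nslcd_config_ldap_root_pw_mod_dn %}
rootpwmoddn {{ nslcd_config_ldap_root_pw_mod_dn }}
{% endif %}
{# … unchanged: ssl / tls_reqcert / tls_cacertfile / scope … #}
pam_authz_search {{ nslcd_config_pam_authz_search }}
```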