diff --git a/pillar/role/openvpn.sls b/pillar/role/openvpn.sls
index 792d600..2602355 100644
--- a/pillar/role/openvpn.sls
+++ b/pillar/role/openvpn.sls
@@ -1 +1,23 @@
-#
+sssd:
+ settings:
+ sssd: True
+ sssd_conf:
+ domains:
+ freeipa.infra.opensuse.org:
+ enumerate: False
+ id_provider: ldap
+ ldap_group_uuid: entryuuid
+ ldap_schema: rfc2307bis
+ ldap_search_base: cn=users,cn=accounts,dc=infra,dc=opensuse,dc=org
+ ldap_user_uuid: entryuuid
+ ldap_tls_reqcert: allow
+ ldap_uri: ldap://freeipa.infra.opensuse.org
+ general_settings:
+ config_file_version: 2
+ domains: freeipa.infra.opensuse.org
+ services: nss, pam
+ services:
+ nss:
+ filter_group: root
+ filter_users: root
+ pam: {}
diff --git a/pillar/role/saltmaster.sls b/pillar/role/saltmaster.sls
index bfeeb98..04a9561 100644
--- a/pillar/role/saltmaster.sls
+++ b/pillar/role/saltmaster.sls
@@ -37,6 +37,7 @@ salt:
 - https://gitlab.opensuse.org/saltstack-formulas/powerdns-formula.git
 - https://gitlab.opensuse.org/saltstack-formulas/salt-formula.git
 - https://gitlab.opensuse.org/saltstack-formulas/sqlite-formula.git
+ - https://gitlab.opensuse.org/saltstack-formulas/sssd-formula.git
 - https://gitlab.opensuse.org/saltstack-formulas/sudoers-formula.git
 - https://gitlab.opensuse.org/saltstack-formulas/timezone-formula.git
 - https://gitlab.opensuse.org/saltstack-formulas/users-formula.git
diff --git a/salt/profile/ldap/client/init.sls b/salt/profile/ldap/client/init.sls
new file mode 100644
index 0000000..f97afde
--- /dev/null
+++ b/salt/profile/ldap/client/init.sls
@@ -0,0 +1,2 @@
+include:
+ - sssd
diff --git a/salt/role/openvpn.sls b/salt/role/openvpn.sls
index 792d600..2328ec5 100644
--- a/salt/role/openvpn.sls
+++ b/salt/role/openvpn.sls
@@ -1 +1,2 @@
-#
+include:
+ - profile.ldap.client
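Review bot: `ldap_tls_reqcert: allow` together with `ldap_uri: ldap://freeipa.infra.opensuse.org` in the new sssd pillar for the openvpn role means the directory server's certificate is never enforced: with `allow`, a missing or invalid certificate is ignored and the session continues, and nothing in the hunk turns on StartTLS for identity lookups. Because this domain feeds `nss` and `pam` on a VPN host, the host would accept user and group data from a server it has not authenticated. I would change these to `ldap_tls_reqcert: demand` and `ldap_uri: ldaps://freeipa.infra.opensuse.org` (or keep `ldap://` and add `ldap_id_use_start_tls: True`), and add `ldap_tls_cacert: <path to the FreeIPA CA certificate>`. Separately, `filter_group: root` under `nss` looks like a typo for the sssd.conf option `filter_groups`; it is worth confirming how the formula renders that key.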