diff --git a/vault/ldap.tf b/vault/ldap.tf
new file mode 100644
index 0000000..ce54085
--- /dev/null
+++ b/vault/ldap.tf
@@ -0,0 +1,19 @@
+resource "vault_ldap_auth_backend" "ldap" {
+ path = "ldap"
+ url = "ldap://ldap.ducamps.win"
+ userdn = "dc=ducamps,dc=win"
+ userattr = "uid"
+ discoverdn = false
+ groupdn = "cn=groups,dc=ducamps,dc=win"
+ groupfilter = "(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))"
+ binddn = "uid=vaultserviceaccount,cn=users,dc=ducamps,dc=win"
+ groupattr = "cn"
+ bindpass = var.ldap_bindpass
+}
+
+
+resource "vault_ldap_auth_backend_group" "vault_admin" {
+ groupname = "vault_admin"
+ policies = ["admin_policy"]
+ backend = vault_ldap_auth_backend.ldap.path
+}
diff --git a/vault/variable.tf b/vault/variable.tf
index 94947eb..1580c89 100644
--- a/vault/variable.tf
+++ b/vault/variable.tf
@@ -1,3 +1,7 @@
 variable vault_token {
 }
+variable ldap_bindpass {
+ type= string
+ default = null
+}
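Review bot: The new backend talks to the directory over plain `ldap://` (`url = "ldap://ldap.ducamps.win"`) with no `starttls` set, so the service-account bind password and every user's login password cross the network unencrypted. Change it to `url = "ldaps://ldap.ducamps.win"` (or add `starttls = true`) and pin the server with `certificate = file("<path-to-ca-pem>")`, leaving `insecure_tls` at its default of false. Separately, `bindpass = var.ldap_bindpass` ends up in plaintext in the Terraform state, so the state backend needs the same access controls as the password itself. The `groupfilter` value matches Vault's documented default; a one-line comment above it saying it is the default spelled out on purpose would save the next reader from checking.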
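Review bot: `ldap_bindpass` carries the LDAP service-account password but is not marked sensitive, so `terraform plan` and `apply` output and any CI logs will print it. Add `sensitive = true`, and drop `default = null` so a missing value fails at plan time instead of likely configuring the backend with no bind password; a `description` naming the account the password belongs to would also help. `type= string` should read `type = string` to match the spacing of the other lines. The hunk header announces seven new lines but only six are visible, so the closing context line appears to be outside the collapsed text.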