diff --git a/README.rst b/README.rst index cb87857..be048af 100644 --- a/README.rst +++ b/README.rst @@ -1,9 +1,8 @@ ================ -template-formula +pam-formula ================ -A saltstack formula that is empty. It has dummy content to help with a quick -start on a new formula. +Formula to set up and configuring pam authentication modules. .. note:: @@ -16,7 +15,7 @@ Available states .. contents:: :local: -``template`` +``pam.ldap`` ------------ -Installs the template package, and starts the associated template service. +Configure ldap authentication. diff --git a/pam/ldap.sls b/pam/ldap.sls new file mode 100644 index 0000000..b53e5f9 --- /dev/null +++ b/pam/ldap.sls 
@@ -0,0 +1,54 @@
+{% from "pam-ldap/map.jinja" import pam with context %}
+
+tls_cacertfile:
+ file.managed:
+ - source: salt://pam-ldap/files/cert
+ - user: root
+ - group: root
+ - mode: 640
+
+ldap:
+ pkg:
+ - installed
+ - name: {{ pam.ldap }}
+
+{{ pam.config }}:
+ file.managed:
+ - source: salt://pam-ldap/files/ldap.conf
+ - user: root
+ - group: root
+ - mode: 644
+
+ldap_conf:
+ file.append:
+ - name: {{ pam.ldap-config }}
+ - text:
+ - host {{ salt['pillar.get']('pam:ldap:host') }}
+ {% if salt['pillar.get']('pam:ldap:port') %}
+ - port {{ salt['pillar.get']('pam:ldap:port') }}
+ {% endif %}
+ - base {{ salt['pillar.get']('pam:ldap:base') }}
+ - ldap_version {{ salt['pillar.get']('pam:ldap:version', 3) }}
+ - bind_policy {{ salt['pillar.get']('pam:ldap:policy') }}
+ {% if salt['pillar.get']('pam:ldap:binddn') %}
+ - binddn {{ salt['pillar.get']('pam:ldap:binddn', '') }}
+ - bindpw {{ salt['pillar.get']('pam:ldap:bindpw', '') }}
+ {% endif %}
+ - scope {{ salt['pillar.get']('pam:ldap:scope', 'sub') }}
+ - pam_lookup_policy {{ salt['pillar.get']('pam:ldap:pam_lookup_policy', 'yes') }}
+ - pam_groupdn {{ salt['pillar.get']('pam:ldap:pam_groupdn') }}
+ - pam_member_attribute {{ salt['pillar.get']('pam:ldap:pam_member_attribute', 'member') }}
+ - pam_password {{ salt['pillar.get']('pam:ldap:pam_password') }}
+ {% if salt['pillar.get']('pam:ldap:ssl') %}
+ - ssl {{ salt['pillar.get']('pam:ldap:ssl') }}
+ {% endif %}
+ {% if salt['pillar.get']('pam:ldap:tls_checkpeer') == 'yes' %}
+ - tls_checkpeer {{ salt['pillar.get']('pam:ldap:tls_checkpeer', 'no') }}
+ - tls_cacertfile {{ salt['pillar.get']('pam:ldap:tls_cacertfile', '') }}
+ - tls_cacertdir {{ salt['pillar.get']('pam:ldap:tls_cacertdir', '') }}
+ {% endif %}
+
+/etc/pam.d/common-session:
+ file.append:
+ - text:
+ - session required pam_mkhomedir.so skel=/etc/skel umask=0022
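Review bot: The bind password is appended by the `ldap_conf` state into `{{ pam.ldap-config }}`, but in Jinja that expression is the subtraction `pam.ldap - config`, not a lookup of an `ldap-config` key, so the target path will not render as intended; use `- name: {{ pam['ldap-config'] }}`. Nothing in the hunk sets a restrictive mode on that file, and the only managed config (`{{ pam.config }}`) is written with `mode: 644`, so if these refer to the same file the `bindpw` line ends up world-readable; set `- mode: 600` on it (or switch to `rootbinddn` with a root-only secret file) whenever `pam:ldap:bindpw` is set. The `tls_cacertfile` state has no `- name:`, so the CA certificate is written to a path literally called `tls_cacertfile` rather than the `pam:ldap:tls_cacertfile` path the generated ldap.conf lines point at; add `- name: {{ salt['pillar.get']('pam:ldap:tls_cacertfile') }}`. The `tls_checkpeer` line is only emitted when the pillar is exactly `'yes'`, so any other value leaves peer verification to pam_ldap's own default; emitting `tls_checkpeer` unconditionally from the pillar with a default of `yes` would make the intended policy explicit.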