diff --git a/recipes/auth.rb b/recipes/auth.rb
index abcc5c8..943edac 100644
--- a/recipes/auth.rb
+++ b/recipes/auth.rb
@@ -58,10 +58,11 @@
 template '/etc/nslcd.conf' do
 source 'nslcd.conf.erb'
 mode 0644
+ notifies :restart, "service[nslcd]"
 end
 
 service 'nslcd' do
- action [:enable, :restart]
+ action [:enable, :start]
 end
 
 cookbook_file "/etc/nsswitch.conf" do
@@ -70,3 +71,11 @@
 owner "root"
 group "root"
 end
+
+template "/etc/pam_ldap.conf" do
+ source "pam_ldap.conf.erb"
+ owner "root"
+ group "root"
+ mode 0644
+end
+
diff --git a/templates/default/nslcd.conf.erb b/templates/default/nslcd.conf.erb
index e2c5af5..8dbc0b8 100644
--- a/templates/default/nslcd.conf.erb
+++ b/templates/default/nslcd.conf.erb
@@ -7,7 +7,7 @@
 uri ldap://<%= node['openldap']['server'] %>
 base <%= node['openldap']['basedn'] %>
 scope sub
-ssl start_tls
+ssl no
 tls_reqcert demand
 <% if node['openldap']['cafile'] -%>
 tls_cacertfile <%= node['openldap']['cafile'] %>
diff --git a/templates/default/pam_ldap.conf.erb b/templates/default/pam_ldap.conf.erb
new file mode 100644
index 0000000..f78235f
--- /dev/null
+++ b/templates/default/pam_ldap.conf.erb
@@ -0,0 +1,5 @@
+uri ldap://<%= node['openldap']['server'] %>
+base <%= node['openldap']['basedn'] %>
+ssl no
+pam_password md5
+
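Review bot: Replacing `ssl start_tls` with `ssl no` in nslcd.conf.erb leaves every nslcd connection on plain `ldap://`, so the `tls_reqcert demand` and `tls_cacertfile` lines below it stop having any effect and directory answers are neither encrypted nor authenticated in transit. The new pam_ldap.conf.erb carries the same `ssl no` line, and there it also covers the bind that carries the user's password. I would keep `ssl start_tls` in both templates; if some sites really need it off, make it an attribute that defaults to `start_tls` rather than a hard-coded `no`. The `<% if node['openldap']['cafile'] -%>` block continues past the end of this hunk.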
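Review bot: `pam_password md5` makes pam_ldap hash a changed password on the client with an MD5-based scheme before writing it to the directory, which sidesteps whatever stronger hashing the server is configured to apply; `pam_password exop` hands the change to the server's password-modify operation instead. The template also has no certificate settings, unlike nslcd.conf.erb, so the server's identity would not be checked even with TLS turned on; `tls_checkpeer yes` together with the existing `node['openldap']['cafile']` attribute would cover that. Because recipes/auth.rb renders this file with mode 0644, it should stay free of bind credentials. A possible shape for the template follows.

```erb
<%# … unchanged: uri line … -%>
base <%= node['openldap']['basedn'] %>
ssl start_tls
tls_checkpeer yes
<% if node['openldap']['cafile'] -%>
tls_cacertfile <%= node['openldap']['cafile'] %>
<% end -%>
pam_password exop
```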