diff --git a/roles/ldapserver/tasks/main.yml b/roles/ldapserver/tasks/main.yml
index c007a12a85efccafa53b2520c6928f5f73e94953..be3d545b546e8bcbb2a16344b10ea8a5f499d528 100644
--- a/roles/ldapserver/tasks/main.yml
+++ b/roles/ldapserver/tasks/main.yml
@@ -51,6 +51,21 @@
 - name: template ssl.ldif
   template: src=ssl_ldif.j2 dest=/tmp/ssl.ldif mode=600
 
+- name: template acl_groups.ldif
+  template: src=acl_groups_ldif.j2 dest=/tmp/acl_groups.ldif mode=600
+
+- name: template load_memberof.ldif
+  template: src=load_memberof_ldif.j2 dest=/tmp/load_memberof.ldif mode=600
+
+- name: template load_refint.ldif
+  template: src=load_refint_ldif.j2 dest=/tmp/load_refint.ldif mode=600
+
+- name: template memberOfConfig.ldif
+  template: src=memberOfConfig_ldif.j2 dest=/tmp/memberOfConfig.ldif mode=600
+
+- name: template refint_config.ldif
+  template: src=refint_config_ldif.j2 dest=/tmp/refint_config.ldif mode=600
+
 - name: template manager.ldif
   template: src=manager_ldif.j2 dest=/tmp/manager.ldif mode=600
   sudo: true
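Review bot: The five new template tasks keep the `key=value` shorthand with `mode=600`, matching the existing ssl.ldif task; this works because Ansible reads a string mode as octal, but the documented, lint-clean form is native YAML arguments with a quoted leading-zero mode, e.g. `template:` / `  src: acl_groups_ldif.j2` / `  dest: /tmp/acl_groups.ldif` / `  mode: "0600"`. If the role moves to that form it should be done for every template task in the file at once rather than only these five, so the two styles are not mixed.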
@@ -147,6 +162,46 @@
   sudo: true
   when: ppolicyOverlayConfigured|failed
 
+- name: check refint module loaded
+  shell: slapcat -b cn=config | grep "olcModuleLoad. {.*}refint"
+  sudo: true
+  ignore_errors: true
+  register: refintModuleLoaded
+
+- name: load refint module
+  shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/load_refint.ldif -D cn=config
+  sudo: true
+  when: refintModuleLoaded|failed
+
+- name: check memberof module loaded
+  shell: slapcat -b cn=config | grep "olcModuleLoad. {.*}memberof"
+  sudo: true
+  ignore_errors: true
+  register: memberofModuleLoaded
+
+- name: load memberof module
+  shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/load_memberof.ldif -D cn=config
+  sudo: true
+  when: memberofModuleLoaded|failed
+
+- name: check member of config
+  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=olcMemberOf"
+  ignore_errors: true
+  register: memberOfConfigured
+
+- name: add member of config
+  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/memberOfConfig.ldif
+  when: memberOfConfigured|failed
+
+- name: check refinit config
+  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=olcRefintConfig"
+  ignore_errors: true
+  register: refintConfigured
+
+- name: add refint config
+  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/refint_config.ldif
+  when: refintConfigured|failed
+
 - name: check Manager config
   shell: "slapcat -b cn=config | grep 'olcRootDN: {{ ldapManager }}'"
   ignore_errors: true
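Review bot: The `check member of config` task searches `{{ ldapGroupBase }}` for `objectClass=olcMemberOf`, but the entry that `add member of config` creates lives under `cn=config` (its DN in memberOfConfig_ldif.j2 is `olcOverlay=memberof,olcDatabase={2}bdb,cn=config`), so the check can never succeed and the add re-runs on every play; `check refinit config` / `add refint config` have the same problem, and "refinit" is a typo for "refint". The add itself binds as `{{ ldapManager }}` over `ldap://localhost`, which is presumably the data database's rootdn and likely has no write access to `cn=config`, so it would be rejected; the module-load tasks just above already use the working pattern (`ldapadd -Y EXTERNAL -H ldapi:///` with `sudo: true`) and the check can mirror the module check with `slapcat -b cn=config | grep`. Separately, each new task that passes `-w {{ ldapManagerPassword }}` registers a result whose `cmd` field carries the password into verbose output and logs; `no_log: true` on those tasks keeps it out (the existing search/add tasks share this exposure, so it is a role-wide fix).
```yaml
- name: check member of config
  shell: slapcat -b cn=config | grep "olcOverlay: {.*}memberof"
  sudo: true
  ignore_errors: true
  register: memberOfConfigured

- name: add member of config
  shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/memberOfConfig.ldif
  sudo: true
  when: memberOfConfigured|failed

# … same change for "check refint config" / "add refint config": grep "olcOverlay: {.*}refint", add /tmp/refint_config.ldif …
```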
@@ -210,6 +265,16 @@
   shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/groups.ldif
   when: groupsConfigured|failed
 
+- name: check aclroups config
+  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapAclGroupBase }} -x -H ldap://localhost objectClass=*"
+  ignore_errors: true
+  register: aclgroupsConfigured
+
+- name: add aclgroups OU
+  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/acl_groups.ldif
+  when: aclgroupsConfigured|failed
+
+
 - name: check Accounts config
   shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapUserBase }} -x -H ldap://localhost objectClass=*"
   ignore_errors: true
diff --git a/roles/ldapserver/templates/acl_groups_ldif.j2 b/roles/ldapserver/templates/acl_groups_ldif.j2
new file mode 100644
index 0000000000000000000000000000000000000000..980f11d890556c8d64b0ef65c5c2b844846e9aae
--- /dev/null
+++ b/roles/ldapserver/templates/acl_groups_ldif.j2
@@ -0,0 +1,2 @@
+dn: {{ ldapAclGroupBase }}
+objectClass: organizationalUnit
diff --git a/roles/ldapserver/templates/load_memberof_ldif.j2 b/roles/ldapserver/templates/load_memberof_ldif.j2
new file mode 100644
index 0000000000000000000000000000000000000000..c47d42097a1b477454c370d40da90508ab00f911
--- /dev/null
+++ b/roles/ldapserver/templates/load_memberof_ldif.j2
@@ -0,0 +1,4 @@
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: memberof.la
diff --git a/roles/ldapserver/templates/load_refint_ldif.j2 b/roles/ldapserver/templates/load_refint_ldif.j2
new file mode 100644
index 0000000000000000000000000000000000000000..746194ac1bfde224e18b13360ddfc82190d695fe
--- /dev/null
+++ b/roles/ldapserver/templates/load_refint_ldif.j2
@@ -0,0 +1,4 @@
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: refint.la
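Review bot: `check aclroups config` is a typo for `aclgroups` (the register name and the add task both say `aclgroups`), and the hunk leaves two consecutive blank lines before `check Accounts config` where the rest of the file uses one. Change the name to `- name: check aclgroups config` and drop one of the two trailing blank `+` lines.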
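Review bot: acl_groups_ldif.j2 adds an `organizationalUnit` entry with nothing but `objectClass`, yet that object class requires an `ou` attribute and slapd also checks that the RDN attribute is present in the entry, so I expect `add aclgroups OU` to be rejected rather than create the OU — and because the preceding check is `objectClass=*` on the same base, the failure would repeat on every run. The value cannot be safely derived from `ldapAclGroupBase` in the template unless that variable is guaranteed to be of the form `ou=<name>,...`; the plain fix is a second line such as `ou: {{ ldapAclGroupOu }}` (variable name constructed here; follow whatever the role's existing groups/accounts templates do, which are not in this diff).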
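Review bot: load_memberof_ldif.j2 and load_refint_ldif.j2 both issue `changetype: modify` against `cn=module{0},cn=config`, which assumes that module-list entry already exists; on a server where no dynamic module has been loaded yet there is no `cn=module{0}` and the ldapadd fails instead of creating it. Whether that holds here depends on the earlier part of main.yml, which is not in this diff; if it is not guaranteed, either add the entry first (`dn: cn=module,cn=config` with `objectClass: olcModuleList`, `cn: module` and the `olcModuleLoad:` line) or make the check task verify the entry before the modify.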
diff --git a/roles/ldapserver/templates/memberOfConfig_ldif.j2 b/roles/ldapserver/templates/memberOfConfig_ldif.j2
new file mode 100644
index 0000000000000000000000000000000000000000..61f8685e69dcbc48ad623cf49f0ffa8be87f46ef
--- /dev/null
+++ b/roles/ldapserver/templates/memberOfConfig_ldif.j2
@@ -0,0 +1,11 @@
+dn: olcOverlay=memberof,olcDatabase={2}bdb,cn=config
+objectClass: olcConfig
+objectClass: olcMemberOf
+objectClass: olcOverlayConfig
+objectClass: top
+olcOverlay: memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
diff --git a/roles/ldapserver/templates/refint_config_ldif.j2 b/roles/ldapserver/templates/refint_config_ldif.j2
new file mode 100644
index 0000000000000000000000000000000000000000..343e4006320c959ce84d54fefcb54ff6c3181cc3
--- /dev/null
+++ b/roles/ldapserver/templates/refint_config_ldif.j2
@@ -0,0 +1,7 @@
+dn: olcOverlay=refint,olcDatabase={2}bdb,cn=config
+objectClass: olcConfig
+objectClass: olcOverlayConfig
+objectClass: olcRefintConfig
+objectClass: top
+olcOverlay: refint
+olcRefintAttribute: memberof member manager owner
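Review bot: memberOfConfig_ldif.j2 and refint_config_ldif.j2 both hard-code the target database as `olcDatabase={2}bdb,cn=config`; the index and backend name depend on how the role set slapd up (its database entry is not visible in this diff), and a mismatch makes the overlay add fail with "no such object" on every run, since the matching check task never succeeds either. A single role variable for the database DN keeps the two templates in step, e.g. `dn: olcOverlay=memberof,{{ ldapConfigDb }},cn=config` (variable name constructed here). Also, `olcMemberOfRefInt: TRUE` and the refint overlay's `olcRefintAttribute` list including `memberof` presumably both maintain memberOf integrity; if that overlap is intentional, a one-line comment in the template saying so would save the next reader from removing one of them.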