diff --git a/pyoxldapsync/defaults/main.yml b/pyoxldapsync/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..fca9ff8437d34289a32d46f6e41953cd99f2c1eb
--- /dev/null
+++ b/pyoxldapsync/defaults/main.yml
@@ -0,0 +1,19 @@
+---
+
+oxldapsync_ox_path: "/opt/open-xchange/sbin"
+oxldapsync_ox_admin_username: "oxadmin"
+oxldapsync_ox_admin_password: ""
+oxldapsync_ox_context_id: 1
+oxldapsync_ox_default_timezone: "Europe/Berlin"
+oxldapsync_ox_default_language: "de_DE"
+
+oxldapsync_ldap_host: "auth.example.com"
+oxldapsync_ldap_user_dn: "cn=users,dc=example,dc=com"
+oxldapsync_ldap_group_dn: "cn=groups,dc=example,dc=com"
+oxldapsync_ldap_username: ""
+oxldapsync_ldap_password: ""
+oxldapsync_ca_cert: ""
+oxldapsync_domain: "EXAMPLE"
+oxldapsync_ldap_port: 636
+oxldapsync_ldap_user_filter: "(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(|(sAMAccountName=subsonic)(sAMAccountName=gk-info))))"
+
diff --git a/pyoxldapsync/files/cronjob b/pyoxldapsync/files/cronjob
new file mode 100644
index 0000000000000000000000000000000000000000..b4192382ee7e3f73a2069085b23ae3d9c93f128c
--- /dev/null
+++ b/pyoxldapsync/files/cronjob
@@ -0,0 +1 @@
+*/15 * * * * root cd /opt/pyoxldapsync && /usr/bin/python3 -m oxldapsync -c /opt/pyoxldapsync/etc/ldapsync.conf
diff --git a/pyoxldapsync/tasks/main.yml b/pyoxldapsync/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..b9bc6bd11e26106fe605d87b5a853859d2d4ebd6
--- /dev/null
+++ b/pyoxldapsync/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+
+- name: ensure the deploy key is available
+  copy:
+    src: "{{inventory_dir}}/files/deploy-keys/pyoxldapsync"
+    dest: "/root/.ssh/pyoxldapsync"
+    owner: root
+    group: root
+    mode: '0600'
+
+- name: deploy pyoxldapsync
+  git:
+    repo: git@git.fsmpi.rwth-aachen.de:infra/pyoxldapsync.git
+    dest: /opt/pyoxldapsync
+    key_file: "/root/.ssh/pyoxldapsync"
+    version: "master"
+  environment:
+    TMPDIR: /root/.ansible/tmp
+
+- name: create config directory
+  file:
+    path: "/opt/pyoxldapsync/etc"
+    state: directory
+    owner: root
+    group: root
+    mode: 0700
+
+- name: configure sync
+  template:
+    src: ldapsync.conf
+    dest: /opt/pyoxldapsync/etc/ldapsync.conf
+    owner: root
+    group: root
+    mode: 0640
+
+- name: run pyoxldapsync regularly
+  copy:
+    src: cronjob
+    dest: /etc/cron.d/pyoxldapsync
+    owner: root
+    group: root
+    mode: 0755
diff --git a/pyoxldapsync/templates/ldapsync.conf b/pyoxldapsync/templates/ldapsync.conf
new file mode 100644
index 0000000000000000000000000000000000000000..dbf45959fd3013d7cb2b5daed6eeaedbc9eb61d8
--- /dev/null
+++ b/pyoxldapsync/templates/ldapsync.conf
@@ -0,0 +1,18 @@
+
+ox_path = {{oxldapsync_ox_path}}
+ox_admin_username = {{oxldapsync_ox_admin_username}}
+ox_admin_password = {{oxldapsync_ox_admin_password}}
+ox_context_id = {{oxldapsync_ox_context_id}}
+ox_default_timezone = {{oxldapsync_ox_default_timezone}}
+ox_default_language = {{oxldapsync_ox_default_language}}
+ox_dont_modify = {{oxldapsync_ox_admin_username}}
+
+ldap_host = {{oxldapsync_ldap_host}}
+ldap_user_dn = {{oxldapsync_ldap_user_dn}}
+ldap_group_dn = {{oxldapsync_ldap_group_dn}}
+ldap_username = {{oxldapsync_ldap_username}}
+ldap_password = {{oxldapsync_ldap_password}}
+ldap_ca_cert = {{oxldapsync_ldap_ca_cert}}
+ldap_domain = {{oxldapsync_ldap_domain}}
+ldap_port = {{oxldapsync_ldap_port}}
+ldap_user_filter = {{oxldapsync_ldap_user_filter}}