diff --git a/roles/authentik_ldap/README.md b/roles/authentik_ldap/README.md
new file mode 100644
index 0000000..110c2c4
--- /dev/null
+++ b/roles/authentik_ldap/README.md
@@ -0,0 +1 @@
+Sets up an authentik ldap outpost container.
diff --git a/roles/authentik_ldap/defaults/main.yaml b/roles/authentik_ldap/defaults/main.yaml
new file mode 100644
index 0000000..8f8a8ad
--- /dev/null
+++ b/roles/authentik_ldap/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+authentik_ldap_tag: latest
diff --git a/roles/authentik_ldap/meta/argument_specs.yaml b/roles/authentik_ldap/meta/argument_specs.yaml
new file mode 100644
index 0000000..4ee3347
--- /dev/null
+++ b/roles/authentik_ldap/meta/argument_specs.yaml
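Review bot: The default `authentik_ldap_tag: latest` in defaults/main.yaml leaves the outpost image unpinned, so each pull can bring in a different build of a component that holds an authentik outpost token. The same value is repeated as `default: latest` in meta/argument_specs.yaml and is interpolated into `docker_image: beryju/authentik-ldap:{{ authentik_ldap_tag }}` in tasks/main.yaml. Consider making the tag required, or defaulting it to a specific release such as `authentik_ldap_tag: "2024.8.1"` (the example version from the option description), so the outpost tracks the authentik server version as that description already recommends. Pinning by digest would additionally guard against a re-pushed tag.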
@@ -0,0 +1,53 @@
+---
+argument_specs:
+ main:
+ short_description: Authentik container
+ description: "Sets up an authentik docker container."
+ options:
+ authentik_ldap_tag:
+ description: 'Authentik ldap outpost version to use. Can be minor (2024.8) or patch (2024.8.1) or "latest". Should probably be the same as authentik.'
+ type: str
+ required: false
+ default: latest
+ authentik_ldap_authentik_address:
+ description: "Address starting with https where authentik is reachable"
+ type: str
+ required: true
+ authentik_ldap_outpost_token:
+ description: Outpost token generated by authentik
+ type: str
+ required: true
+
+ # All options after this will be passed directly to the container role
+ docker_service_suffix:
+ description: "Passed to container role"
+ required: false
+ docker_host_user:
+ description: "Passed to container role"
+ required: false
+
+ database_passwords:
+ description: "Passed to container role"
+ required: false
+ docker_additional_services:
+ description: "Passed to container role"
+ required: false
+
+ docker_volume_type:
+ description: "Passed to container role"
+ required: false
+ reverse_proxy_type:
+ description: "Passed to container role"
+ required: false
+ ports:
+ description: "Passed to container role"
+ required: false
+ docker_vhost_domains:
+ description: "Passed to container role"
+ required: false
+ docker_entrypoint:
+ description: "Passed to container role"
+ required: false
+ dockerfile:
+ description: "Passed to container role"
+ required: false
diff --git a/roles/authentik_ldap/tasks/main.yaml b/roles/authentik_ldap/tasks/main.yaml
new file mode 100644
index 0000000..2edd7de
--- /dev/null
+++ b/roles/authentik_ldap/tasks/main.yaml
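Review bot: The `authentik_ldap_outpost_token` option is documented only as `Outpost token generated by authentik`, which does not tell a user of the role that the value is a credential. I would extend it to `description: "Outpost token generated by authentik. Secret: supply it from Ansible Vault or another secret store, not from plain inventory."`. In the same spec, `short_description: Authentik container` and `description: "Sets up an authentik docker container."` read as if copied from the authentik server role and should name the LDAP outpost instead. The note that `reverse_proxy_type` is passed to the container role is also misleading, since tasks/main.yaml sets it to `none` unconditionally.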
@@ -0,0 +1,12 @@
+---
+- name: Authentik ldap container
+ ansible.builtin.include_role:
+ name: service
+ vars:
+ docker_service: authentik-ldap
+ docker_image: beryju/authentik-ldap:{{ authentik_ldap_tag }}
+ reverse_proxy_type: none
+ docker_env:
+ AUTHENTIK_HOST: "{{ authentik_ldap_authentik_address }}"
+ AUTHENTIK_INSECURE: 'false'
+ AUTHENTIK_TOKEN: "{{ authentik_ldap_outpost_token }}"
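Review bot: Nothing checks that `authentik_ldap_authentik_address` uses https before it is placed in `AUTHENTIK_HOST`, although the argument spec describes it as "starting with https". The spec only validates `type: str`, and `AUTHENTIK_INSECURE: 'false'` presumably governs certificate verification rather than the URL scheme. An `http://` value would therefore most likely send `AUTHENTIK_TOKEN` to authentik in cleartext. An assert task ahead of the include_role would fail the play early; the proposed task is below.

```yaml
- name: Require an https authentik address
  ansible.builtin.assert:
    that:
      - authentik_ldap_authentik_address is match('^https://')
    fail_msg: 'authentik_ldap_authentik_address must start with https://'
    quiet: true

# … unchanged: "Authentik ldap container" include_role task …
```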