diff --git a/dicos/29_one-master.xml b/dicos/29_one-master.xml
index fbe0294..646e233 100644
--- a/dicos/29_one-master.xml
+++ b/dicos/29_one-master.xml
@@ -5,6 +5,8 @@
+
+
opennebula
diff --git a/tmpl/ldap_auth.conf b/tmpl/ldap_auth.conf
new file mode 100644
index 0000000..2caf2ee
--- /dev/null
+++ b/tmpl/ldap_auth.conf
@@ -0,0 +1,72 @@
+# ---------------------------------------------------------------------------- #
+# Copyright 2002-2017, OpenNebula Project, OpenNebula Systems #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. You may obtain #
+# a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+# ---------------------------------------------------------------------------- #
+
+server 1:
+ # Ldap user able to query, if not set connects as anonymous. For
+ # Active Directory append the domain name. Example:
+ # Administrator@my.domain.com
+ #:user: 'admin'
+ #:password: 'password'
+
+ # Ldap authentication method
+ :auth_method: :simple
+
+ # Ldap server
+ :host: %%adresse_ip_ldap
+ :port: %%ldap_port
+%if %%getVar('ldap_tls', 'non') == 'oui'
+
+ # Uncomment this line for tls conections
+ :encryption: :simple_tls
+%end if
+
+ # base hierarchy where to search for users and groups
+ :base: %%ldap_base_dn
+
+ # group the users need to belong to. If not set any user will do
+ #:group: 'cn=cloud,ou=groups,dc=domain'
+
+ # field that holds the user name, if not set 'cn' will be used
+ :user_field: 'uid'
+
+ # for Active Directory use this user_field instead
+ #:user_field: 'sAMAccountName'
+
+ # field name for group membership, by default it is 'member'
+ #:group_field: 'member'
+
+ # user field that that is in in the group group_field, if not set 'dn' will be used
+ #:user_group_field: 'dn'
+
+ # Generate mapping file from group template info
+ :mapping_generate: true
+
+ # Seconds a mapping file remain untouched until the next regeneration
+ :mapping_timeout: 300
+
+ # Name of the mapping file in OpenNebula var diretory
+ :mapping_filename: server1.yaml
+
+ # Key from the OpenNebula template to map to an AD group
+ :mapping_key: GROUP_DN
+
+ # Default group ID used for users in an AD group not mapped
+ :mapping_default: 1
+
+# List the order the servers are queried
+:order:
+ - server 1
+%end if