diff --git a/roles/ipaconf/defaults/main.yml b/roles/ipaconf/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9030ee0e57856efd4d5fed2031d1d0d327fab433
--- /dev/null
+++ b/roles/ipaconf/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+ipaconf_default_conf: /etc/ipa/default.conf
+
+ipaconf_basedn:
+ipaconf_realm:
+ipaconf_domain:
+ipaconf_server:
+ipaconf_hostname:
diff --git a/roles/ipaconf/meta/main.yml b/roles/ipaconf/meta/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..e08438f7fcf3208c079fc35a88095a977181b843
--- /dev/null
+++ b/roles/ipaconf/meta/main.yml
@@ -0,0 +1,12 @@
+galaxy_info:
+  author: Thomas Woerner
+  description: A role to configure IPA default.conf
+  company: Red Hat, Inc
+
+  license: GPLv2+
+
+  min_ansible_version: 2.0
+
+  galaxy_tags: [ 'identity', 'ipa']
+
+dependencies: []
diff --git a/roles/ipaconf/tasks/main.yml b/roles/ipaconf/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..2a74b190a399e201ebd94a099ab4ce1cd7d9e4b1
--- /dev/null
+++ b/roles/ipaconf/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+- name: Template IPA default.conf
+  template:
+    src: default.conf.j2
+    dest: "{{ ipaconf_default_conf }}"
+    backup: yes
+    owner: root
+    group: root
+    mode: 0644
diff --git a/roles/ipaconf/templates/default.conf.j2 b/roles/ipaconf/templates/default.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..05491180f05ef9367e58aefbc8c632753e58de85
--- /dev/null
+++ b/roles/ipaconf/templates/default.conf.j2
@@ -0,0 +1,8 @@
+[global]
+basedn = {{ ipaconf_basedn }}
+realm = {{ ipaconf_realm }}
+domain = {{ ipaconf_domain }}
+server = {{ ipaconf_server }}
+host = {{ ipaconf_hostname }}
+xmlrpc_uri = {{ 'https://' + ipaconf_server + '/ipa/xml' }}
+enable_ra = True
diff --git a/roles/ipaconf/vars/default.yml b/roles/ipaconf/vars/default.yml
new file mode 100644
index 0000000000000000000000000000000000000000..fa18717baa638da7af8b3d9a914d8a72d1d0b2c6
--- /dev/null
+++ b/roles/ipaconf/vars/default.yml
@@ -0,0 +1,2 @@
+krb5_packages:
+  - krb5-workstation