diff --git a/group_vars/all b/group_vars/all
index 597cc00a9efb94430c3d1ada69ffa7d30a24d633..6321239bcc5c5bc6d9b9aa9cc192744a848fd2a3 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -5,3 +5,6 @@
 ldap_ip_ext: 10.0.20.2
 # int ist noch ungenutzt / später replikation in der Zone
 ldap_ip_int: 10.0.20.2
+
+ldap_base_dn: DC=warpzone,DC=ms
+ldap_readonly_bind_dn: CN=readonly,DC=warpzone,DC=ms
\ No newline at end of file
diff --git a/webserver/docker_jabber_test/tasks/main.yaml b/webserver/docker_jabber_test/tasks/main.yaml
index 3df9d398270ecb3d02c96c7228faad2e20ef6468..9955ea4f8940c9297281f09ca1a8c819cbcec6dd 100644
--- a/webserver/docker_jabber_test/tasks/main.yaml
+++ b/webserver/docker_jabber_test/tasks/main.yaml
@@ -1,4 +1,5 @@
 ---
+# Create folders 
 - name: create folder struct for jabber_test
   file:
     path: "{{ item }}"
@@ -16,17 +17,33 @@
   with_items:
     - "/srv/jabber_test/logs"
     - "/srv/jabber_test/data"
+    - "/srv/jabber_test/saslauthd"
 
+# Get secrets 
+- include: ../functions/get_secret.yml
+  with_items:
+    - { path: /srv/ldap/secret/ldap_readonly_pass, length: 24 }
+
+# create files 
 - name: Docker Konfig-Datei erstellen
   template:
     src: "docker-compose.yml"
     dest: "/srv/jabber_test/docker-compose.yml"
 
+- name: SASL Configs anlegen
+  template:
+    src: "{{item}}"
+    dest: "/srv/jabber_test/{{item}}"
+  with_items:
+    - "saslauthd.conf"
+    - "prosody.conf"
+
 - name: Prosody Config anlegen
   template:
     src: "prosody.cfg.lua"
     dest: "/srv/jabber_test/etc/prosody.cfg.lua"
 
+# start docker 
 - name: start jabber-test docker
   docker_service:
     project_src: /srv/jabber_test/
diff --git a/webserver/docker_jabber_test/templates/docker-compose.yml b/webserver/docker_jabber_test/templates/docker-compose.yml
index df37182cc56432fad75534939a9715c61fe86ac6..e31c1ed6b864c3849b30d8128e0b9e0e05508989 100644
--- a/webserver/docker_jabber_test/templates/docker-compose.yml
+++ b/webserver/docker_jabber_test/templates/docker-compose.yml
@@ -3,6 +3,14 @@ version: "3"
 
 services:
 
+  auth:
+
+    image: dweomer/saslauthd
+    restart: always
+    volumes:
+      - /srv/jabber_test/saslauthd.conf:/etc/saslauthd.conf:ro
+      - /srv/jabber_test/saslauthd:/var/run/saslauthd
+
   app:
 
     image: prosody/prosody:0.10
@@ -21,3 +29,6 @@ services:
       - /etc/ssl/fullchain.pem:/etc/prosody/certs/muc.jabber-test.warpzone.ms.crt
       - /etc/ssl/key.pem:/etc/prosody/certs/proxy.jabber-test.warpzone.ms.key
       - /etc/ssl/fullchain.pem:/etc/prosody/certs/proxy.jabber-test.warpzone.ms.crt
+      # sasl2 auth mounts 
+      - /srv/jabber_test/prosody.conf:/usr/lib/sasl/prosody.conf
+      - /srv/jabber_test/saslauthd:/var/run/saslauthd
diff --git a/webserver/docker_jabber_test/templates/prosody.cfg.lua b/webserver/docker_jabber_test/templates/prosody.cfg.lua
index 3f0d11a2d741425560acbed77c9e466804d9f487..e53d8a921b2152677f85825567bd94f81b67a5a9 100644
--- a/webserver/docker_jabber_test/templates/prosody.cfg.lua
+++ b/webserver/docker_jabber_test/templates/prosody.cfg.lua
@@ -117,7 +117,10 @@ s2s_secure_auth = false
 -- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed
 -- for information about using the hashed backend.
 
-authentication = "internal_hashed"
+-- authentication = "internal_hashed"
+
+authentication = "cyrus" 
+cyrus_service_name = "xmpp" -- Optional, defaults to "xmpp"
 
 -- Select the storage backend to use. By default Prosody uses flat files
 -- in its configured data directory, but it also supports more backends
@@ -148,8 +151,8 @@ archive_expires_after = "1w" -- Remove archived messages after 1 week
 log = {
 	info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
 	error = "/var/log/prosody/prosody.err";
-	info = "*console"; -- Log to the console
-	-- "*console"; -- Log to the console, useful for debugging with daemonize=false
+	-- info = "*console"; -- Log to the console
+	"*console"; -- Log to the console, useful for debugging with daemonize=false
 	-- "*syslog"; -- Uncomment this for logging to syslog
 }
 
diff --git a/webserver/docker_jabber_test/templates/prosody.conf b/webserver/docker_jabber_test/templates/prosody.conf
new file mode 100644
index 0000000000000000000000000000000000000000..f2e18cef6e57ddb93121af0aef43b49af6bc1092
--- /dev/null
+++ b/webserver/docker_jabber_test/templates/prosody.conf
@@ -0,0 +1,2 @@
+pwcheck_method: saslauthd
+mech_list: PLAIN
\ No newline at end of file
diff --git a/webserver/docker_jabber_test/templates/saslauthd.conf b/webserver/docker_jabber_test/templates/saslauthd.conf
new file mode 100644
index 0000000000000000000000000000000000000000..875362abd679e4c47f2bd965b1d745a45719db08
--- /dev/null
+++ b/webserver/docker_jabber_test/templates/saslauthd.conf
@@ -0,0 +1,6 @@
+
+ldap_servers: ldap://{{ ldap_ip_ext }}
+ldap_search_base: {{ ldap_base_dn }}
+ldap_filter: (&(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,{{ ldap_base_dn }})(uid=%u))
+ldap_bind_dn: {{ ldap_readonly_bind_dn }}
+ldap_password: {{ ldap_readonly_pass }}