diff --git a/roles/container/files/link-ptmx.service b/roles/container/files/link-ptmx.service
new file mode 100644
index 0000000..5864aa5
--- /dev/null
+++ b/roles/container/files/link-ptmx.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Symlink /dev/ptmx for interactive logins
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/ln -s /dev/pts/ptmx /dev/ptmx
diff --git a/roles/container/tasks/ssh.yml b/roles/container/tasks/ssh.yml
index fab55b2..674354b 100644
--- a/roles/container/tasks/ssh.yml
+++ b/roles/container/tasks/ssh.yml
@@ -1,10 +1,13 @@
 - name: install openssh
   pacman: name=openssh state=present
 - name: Write sshd_config
-  copy: src=sshd_config dest=/etc/ssh/sshd_config mode=0644
+  template: src=sshd_config.j2 dest=/etc/ssh/sshd_config mode=0644
 - name: symlink /dev/pts/ptmx to /dev/ptmx for sshd pty
   file: src=/dev/pts/ptmx dest=/dev/ptmx state=link
-- name: tmpfiles.d/ptmx.conf
-  copy: src=ptmx.conf dest=/etc/tmpfiles.d/ptmx.conf mode=0644
+- name: create link-ptmx.service
+  copy: src=link-ptmx.service dest=/etc/systemd/system/link-ptmx.service mode=0644
+- name: enable link-ptmx.service
+  file: src=/etc/systemd/system/link-ptmx.service dest=/etc/systemd/system/multi-user.target.wants/link-ptmx.service state=link
+
 - name: start sshd.socket
   service: name=sshd.socket state=started enabled=yes
diff --git a/roles/container/files/sshd_config b/roles/container/templates/sshd_config.j2
similarity index 59%
rename from roles/container/files/sshd_config
rename to roles/container/templates/sshd_config.j2
index e1980fb..50806c0 100644
--- a/roles/container/files/sshd_config
+++ b/roles/container/templates/sshd_config.j2
@@ -1,6 +1,11 @@
 Port 22
+{% if ssh_ldap %}
+AuthorizedKeysCommand /usr/lib/openssh-ldap-helper/openssh-ldap-helper
+AuthorizedKeysCommandUser root
+{% else %}
 AuthorizedKeysFile .ssh/authorized_keys
+{% endif %}
 PasswordAuthentication no
 ChallengeResponseAuthentication no
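Review bot: The `ExecStart` line in link-ptmx.service uses plain `ln -s`, which exits non-zero when /dev/ptmx already exists, so the oneshot unit ends up in the failed state whenever the node is already present at start-up. Making the command idempotent, e.g. `ExecStart=/usr/bin/ln -sfn /dev/pts/ptmx /dev/ptmx`, avoids that. The unit also declares no ordering against sshd, so the first login may race the link; a line such as `Before=sshd.socket` under `[Unit]` would pin the order. There is no `[Install]` section either, which is presumably why ssh.yml enables the unit with a hand-made symlink; `WantedBy=multi-user.target` would let systemd manage enablement.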
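Review bot: The `Write sshd_config` task in ssh.yml now installs a rendered template without checking the result, so a mistake in the Jinja branches or a directive the installed sshd rejects replaces the live config and can lock out SSH access. Adding `validate='/usr/bin/sshd -t -f %s'` to the `template:` line (path as shipped by the openssh package; confirm on the target) makes Ansible test the rendered file before it is moved into place. The same line sets `mode=0644` but no owner; `owner=root group=root` would pin ownership explicitly for a file that now controls which key-lookup command sshd executes.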
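Review bot: In the `ssh_ldap` branch of sshd_config.j2, `AuthorizedKeysCommandUser root` makes sshd run the LDAP helper as root on every login attempt, with the client-supplied user name as input and before authentication has succeeded. sshd_config(5) recommends a dedicated account with no other role on the host, so unless the helper has to read root-only files (not visible in this hunk) prefer `AuthorizedKeysCommandUser <dedicated-unprivileged-user>`. The branch also drops `AuthorizedKeysFile`, which means key lookup depends entirely on the directory being reachable. If that is intentional (so local keys cannot outlive an LDAP revocation), a template comment such as `# LDAP is the only key source when ssh_ldap is set; no local fallback by design` would record it.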
diff --git a/roles/php/defaults/main.yml b/roles/php/defaults/main.yml
index acf391b..467c823 100644
--- a/roles/php/defaults/main.yml
+++ b/roles/php/defaults/main.yml
@@ -1 +1,2 @@
 php_extensions: []
+ssh_ldap: false
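Review bot: The default `ssh_ldap: false` is added to the php role, but the variable is consumed by the container role's sshd_config.j2 template. A play that applies `container` without `php` would have no default for it, and rendering `{% if ssh_ldap %}` with an undefined variable fails the task, unless the container role defines the default somewhere not shown in this diff. Since the flag decides how sshd looks up authorized keys, its default belongs next to the template, i.e. `ssh_ldap: false` in `roles/container/defaults/main.yml`, ideally with a comment such as `# true: fetch authorized keys via openssh-ldap-helper instead of ~/.ssh/authorized_keys`.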