diff --git a/manifests/init.pp b/manifests/init.pp
index 1515725..6411f8d 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -34,19 +34,23 @@
 
   include nsswitch::params
 
+  $service_ensure = $module_type ? {
+    'ldap'  => running,
+    default => stopped,
+  }
+
+  $service_enable = $module_type ? {
+    'ldap'  => true,
+    default => false,
+  }
+
   package { $nsswitch::params::package:
     ensure => $ensure
   }
 
   service { $nsswitch::params::service:
-    ensure     => $module_type ? {
-        'ldap'  => running,
-        default => stopped,
-        },
-    enable     => $module_type ? {
-        'ldap'  => true,
-        default => false,
-        },
+    ensure     => $service_ensure,
+    enable     => $service_enable,
     name       => $nsswitch::params::script,
     pattern    => $nsswitch::params::pattern,
     hasstatus  => true,
diff --git a/manifests/params.pp b/manifests/params.pp
index 83743fc..6f40c9c 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -2,7 +2,7 @@
 class nsswitch::params {
 
   case $::osfamily {
-  
+
     'Debian': {
 
       $package = [ 'nscd', 'libnss-ldap' ]
diff --git a/templates/nslcd.conf.erb b/templates/nslcd.conf.erb
index 4c446f9..83fa9d3 100644
--- a/templates/nslcd.conf.erb
+++ b/templates/nslcd.conf.erb
@@ -13,3 +13,5 @@ timelimit      5
 bind_timelimit 10
 idle_timelimit 3600
 
+ssl no
+tls_cacertdir /etc/openldap/cacerts