diff --git a/roles/xmpp_server/defaults/main.yml b/roles/xmpp_server/defaults/main.yml
index 022709b83be8571481cffb1c5c309d5bf6bafb62..302c4a16fda86f3f1e52049ada2baee9c417370b 100644
--- a/roles/xmpp_server/defaults/main.yml
+++ b/roles/xmpp_server/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 
 enable_backup: false
-xmpp_prosody_package: "prosody-0.10"
+xmpp_prosody_package: "prosody-0.11"
 xmpp_server_tls_protocol: "tlsv1_2+"
 xmpp_server_tls_ciphers: "\
 DHE-RSA-AES128-GCM-SHA256:\
diff --git a/roles/xmpp_server/molecule/default/tests/test_default.py b/roles/xmpp_server/molecule/default/tests/test_default.py
index 139b0c4a5f7bfcd681b64891388fd746a932304c..344633973a43e6c183651404c63012cf5712b7de 100644
--- a/roles/xmpp_server/molecule/default/tests/test_default.py
+++ b/roles/xmpp_server/molecule/default/tests/test_default.py
@@ -14,7 +14,6 @@ def test_supporting_packages_installed(host):
     """
 
     assert host.package('python-apt').is_installed
-    assert host.package('lua-sec').is_installed
     assert host.package('lua-ldap').is_installed
 
 
@@ -235,6 +234,44 @@ def test_tls_connectivity(host):
     assert 'not-well-formed' in s2s.stdout
 
 
+def test_backports_repository(host):
+    """
+    Tests if backports repository has been added.
+    """
+
+    repository = host.file("/etc/apt/sources.list.d/backports.list")
+
+    distribution_release = host.ansible("setup")["ansible_facts"]["ansible_distribution_release"]
+
+    expected_content = "deb http://ftp.debian.org/debian %s-backports main\n" % distribution_release
+
+    assert repository.is_file
+    assert repository.user == 'root'
+    assert repository.group == 'root'
+    assert repository.mode == 0o644
+    assert repository.content_string == expected_content
+
+
+def test_lua_ldap_pin_and_version(host):
+    """
+    Tests if lua-ldap package has been correctly pinned to the
+    backports repository.
+    """
+
+    distribution_major_version = host.ansible("setup")["ansible_facts"]["ansible_distribution_major_version"]
+    backports_version_suffix = "bpo%s" % distribution_major_version
+
+    pin_configuration_file = host.file("/etc/apt/preferences.d/lua-ldap")
+    lua_ldap = host.package("lua-ldap")
+
+    assert pin_configuration_file.is_file
+    assert pin_configuration_file.user == 'root'
+    assert pin_configuration_file.group == 'root'
+    assert pin_configuration_file.mode == 0o644
+
+    assert backports_version_suffix in lua_ldap.version
+
+
 # @TODO: Tests which were not implemented due to lack of out-of-box tools:
 #
 # - Proxy capability.
diff --git a/roles/xmpp_server/molecule/default/tests/test_mandatory.py b/roles/xmpp_server/molecule/default/tests/test_mandatory.py
index 7379225b420a8c002bdb3b3909342df1fee2f2a5..c6177121067baaa692ea925768e146783c5a05fb 100644
--- a/roles/xmpp_server/molecule/default/tests/test_mandatory.py
+++ b/roles/xmpp_server/molecule/default/tests/test_mandatory.py
@@ -43,7 +43,7 @@ def test_correct_prosody_package_installed(host):
     Tests if correct Prosody package has been installed.
     """
 
-    assert host.package('prosody-0.10').is_installed
+    assert host.package('prosody-0.11').is_installed
 
 
 @pytest.mark.parametrize("port", [
diff --git a/roles/xmpp_server/tasks/main.yml b/roles/xmpp_server/tasks/main.yml
index 9df0f8e82e12d4c5d65af7036ed197951306fe95..3d9530728e052b1c23cf9c0cb826b0fc3f2a786b 100644
--- a/roles/xmpp_server/tasks/main.yml
+++ b/roles/xmpp_server/tasks/main.yml
@@ -4,6 +4,23 @@
   apt:
     name: python-apt
 
+- name: Add Debian backports repository for Debian Stretch
+  apt_repository:
+    repo: "deb http://ftp.debian.org/debian {{ ansible_distribution_release }}-backports main"
+    filename: "backports"
+    state: present
+    mode: 0644
+  when: "ansible_distribution_release == 'stretch'"
+
+- name: Pin the lua-ldap package to backports repository for Debian Stretch
+  template:
+    src: "lua_ldap_backports_pin.j2"
+    dest: "/etc/apt/preferences.d/lua-ldap"
+    owner: root
+    group: root
+    mode: 0644
+  when: "ansible_distribution_release == 'stretch'"
+
 - name: Add Prosody repository apt key
   apt_key:
     data: "{{ lookup('file', 'prosody-debian-packages.gpg') }}"
@@ -14,15 +31,18 @@
     repo: "deb http://packages.prosody.im/debian {{ ansible_distribution_release }} main"
     state: present
 
-- name: Install Lua Sec library (needed for TLS)
-  apt:
-    name: lua-sec
-    state: present
-
+# Stick to the 'latest' state to ensure we get pinned package
+# installed in case of distribution upgrades.
 - name: Install Lua LDAP library
   apt:
     name: lua-ldap
-    state: present
+    # [403] Package installs should not use latest
+    #   The latest has to be used when upgrading existing systems to get
+    #   the correct version of lua-ldap with support for Lua 5.2 from
+    #   the backports repository.
+    state: latest  # noqa 403
+  notify:
+    - Restart Prosody
 
 - name: Install Prosody
   apt:
diff --git a/roles/xmpp_server/templates/lua_ldap_backports_pin.j2 b/roles/xmpp_server/templates/lua_ldap_backports_pin.j2
new file mode 100644
index 0000000000000000000000000000000000000000..db35a72518cd479ba57a498c0b562342bdec8085
--- /dev/null
+++ b/roles/xmpp_server/templates/lua_ldap_backports_pin.j2
@@ -0,0 +1,9 @@
+#
+# This file contains pinning information for deploying the backported
+# version of lud-ldap that supports Lua 5.2 (for use with the Prosody
+# XMPP server).
+#
+
+Package: lua-ldap
+Pin: release a={{ ansible_distribution_release }}-backports
+Pin-Priority: 600
\ No newline at end of file