diff --git a/docs/rolereference.rst b/docs/rolereference.rst index 35d30d8d19343334b5befe558fb2a86b345c67c2..c3c17634ae99496ddb1a35bdb3935f4d8ee26e99 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -10,6 +10,15 @@ Common parameters A number of common parameters are used by all of the roles during deployment. This section lists such parameters. +**enable_backup** (boolean, optional, ``False``) + If set to ``True``, and the role supports backups, server will be configured + for back-up of role's data. See role description for more details on what is + backed-up and if the option is available. Just keep in mind that if you enable + this globally, all the roles will be running backup-specific tasks. If the + option has been enabled, the ``backup_client`` role will be included + automatically (see the role reference for details on parameters that need to + be provided in the case). + **tls_private_key_dir** (string, optional if paths to private keys for all roles are explicitly specified) Path to directory on Ansible host that contains the private keys used by services deployed by various roles. When TLS key path is not explicitly @@ -439,6 +448,17 @@ The role implements the following: * Sets the LDAP server administrator's password. +Backups +~~~~~~~ + +If the backup for this role has been enabled, the following paths are backed-up: + +**/srv/backup/slapd.bak** + Dump of the LDAP database. LDAP database dump is created every day at 01:45 in + the morning. This does *not* include the dump of the config database + (``cn=config``). + + Parameters ~~~~~~~~~~ diff --git a/roles/ldap_server/defaults/main.yml b/roles/ldap_server/defaults/main.yml index 6f2c1570eb6bd4d3805e3f03b32570829255a202..fc3c43742407c3d0b211adaf6ffebc45613c9f7b 100644 --- a/roles/ldap_server/defaults/main.yml +++ b/roles/ldap_server/defaults/main.yml @@ -1,5 +1,6 @@ --- +enable_backup: False ldap_entries: [] ldap_server_domain: "{{ ansible_domain }}" # Internal value, base DN. 
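Review bot: The new default `enable_backup: False` in roles/ldap_server/defaults/main.yml spells the boolean one way while the testsite override in the group_vars/all.yml hunk writes `enable_backup: yes`; both are accepted by Ansible's YAML 1.1 loader, but yamllint's truthy rule flags both forms and the mixed spellings make the flag harder to grep for. Use the canonical lowercase form in both places: `enable_backup: false` here and `enable_backup: true` in testsite/group_vars/all.yml. The role documentation in the rst hunk above could then quote the same lowercase values instead of ``False``/``True``.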
diff --git a/roles/ldap_server/files/backup_patterns b/roles/ldap_server/files/backup_patterns new file mode 100644 index 0000000000000000000000000000000000000000..2e3af6efc50ad209bee75df62bba2c259d745576 --- /dev/null +++ b/roles/ldap_server/files/backup_patterns @@ -0,0 +1 @@ +/srv/backup/slapd.bak \ No newline at end of file diff --git a/roles/ldap_server/meta/main.yml b/roles/ldap_server/meta/main.yml index 7bf9f35b4a9540a5a7b4ea956b206ab8c4f2aa8a..f656bfe1224ed6f4f8f99006438d9b129e81e85f 100644 --- a/roles/ldap_server/meta/main.yml +++ b/roles/ldap_server/meta/main.yml @@ -1,4 +1,6 @@ --- dependencies: - - ldap_client \ No newline at end of file + - ldap_client + - role: backup_client + when: enable_backup \ No newline at end of file diff --git a/roles/ldap_server/tasks/backup.yml b/roles/ldap_server/tasks/backup.yml new file mode 100644 index 0000000000000000000000000000000000000000..3ae8b9d0cbf87ed7c3f6d40f3e99187e2afecd37 --- /dev/null +++ b/roles/ldap_server/tasks/backup.yml @@ -0,0 +1,19 @@ +--- + +- name: Create directory for storing LDAP database dumps + file: path="{{ item }}" state=directory + owner=root group=root mode=700 + with_items: + - "/srv" + - "/srv/backup" + +- name: Deploy include patterns to backup + copy: src="backup_patterns" dest="/etc/duply/main/patterns/ldap_server" + owner="root" group="root" mode="700" + notify: + - Assemble Duply include patterns + +- name: Create crontab entry for creating LDAP database dumps every day at 01:45 + cron: name=ldapdump cron_file=ldapdump hour=1 minute=45 + job="/usr/sbin/slapcat > /srv/backup/slapd.bak" + state=present user=root diff --git a/roles/ldap_server/tasks/main.yml b/roles/ldap_server/tasks/main.yml index d09398b03d7fbb50690514e45737a5b194fc585c..e2680271e902589cc8804cc0adde934771760339 100644 --- a/roles/ldap_server/tasks/main.yml +++ b/roles/ldap_server/tasks/main.yml 
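Review bot: The cron job in the third task of roles/ldap_server/tasks/backup.yml writes the dump with a bare shell redirection, so `/srv/backup/slapd.bak` gets whatever mode cron's umask for root yields (commonly 0644) and is rewritten in place, while a slapcat dump contains every directory entry including `userPassword` hashes; only the 0700 directory keeps it private, and a backup run that overlaps 01:45 can pick up a half-written file. Restrict the umask and make the write atomic inside the job, e.g. `job="umask 077; /usr/sbin/slapcat > /srv/backup/slapd.bak.tmp && mv /srv/backup/slapd.bak.tmp /srv/backup/slapd.bak"`, which also keeps the previous dump intact when slapcat fails. Separately, the first task applies `mode=700` to `/srv` itself and not only to `/srv/backup`; `/srv` is a shared location, so if another role on the same host serves data from it, that data becomes unreadable to its service account — consider leaving `/srv` at its default mode and restricting only `/srv/backup`.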
@@ -162,3 +162,7 @@
 - name: Remove temporary file with LDAP admin password
   file: path="/root/.ldap_admin_password" state=absent
   changed_when: False
+
+- name: Enable backup
+  include: backup.yml
+  when: enable_backup
\ No newline at end of file
diff --git a/testsite/group_vars/all.yml b/testsite/group_vars/all.yml
index e37d3b30b06db03dcb81d0759d97e6afb677e348..d5921e10a6a455969f73c6256ab6b9f5ad5ed5a3 100644
--- a/testsite/group_vars/all.yml
+++ b/testsite/group_vars/all.yml
@@ -61,3 +61,21 @@ ldap_client_config:
   - comment: Enforce TLS
     option: TLS_REQCERT
     value: demand
+
+# Enable and configure backups
+enable_backup: yes
+
+backup_encryption_keys:
+  - "backup.{{ testsite_domain }}"
+
+backup_signing_key: "{{ ansible_fqdn }}"
+
+backup_server: "backup.{{ testsite_domain }}"
+
+backup_server_host_ssh_public_keys:
+  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_dsa_key.pub') }}"
+  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_rsa_key.pub') }}"
+  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ed25519_key.pub') }}"
+  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ecdsa_key.pub') }}"
+
+backup_ssh_key: "{{ lookup('file', inventory_dir + '/ssh/' + ansible_fqdn) }}"
diff --git a/testsite/group_vars/backup.yml b/testsite/group_vars/backup.yml
index b5d4305b5d46ed4a1a7d9f29d8a81cf7f6712b0d..f134eb05467701f835d7e315756911a9c2879b3a 100644
--- a/testsite/group_vars/backup.yml
+++ b/testsite/group_vars/backup.yml
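Review bot: `backup_ssh_key` and `backup_signing_key` in the testsite/group_vars/all.yml hunk now identify the client by the gathered fact `ansible_fqdn`, whereas the server-side entry added in the testsite/group_vars/backup.yml hunk registers the client's public key under the fixed inventory-derived name `ssh/ldap.<testsite_domain>.pub` (and the web entry under `ssh/web.<testsite_domain>.pub`); if a host's reported FQDN is not `<name>.<testsite_domain>`, the private key looked up on the client and the public key registered on the backup server are no longer a pair, and the file lookup itself fails as soon as the variable is evaluated. Since the removed web.yml block used the fixed name `web.{{ testsite_domain }}`, consider deriving the name from inventory rather than facts, e.g. `backup_ssh_key: "{{ lookup('file', inventory_dir + '/ssh/' + inventory_hostname) }}"` if the inventory uses FQDNs as host names, or document that `ansible_fqdn` must match the key file names under `ssh/`. Note also that these lookups are undefined in any play for these hosts that disables fact gathering.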
@@ -9,12 +9,14 @@ smtp_relay_truststore: /etc/ssl/certs/ca.pem backup_clients: - server: web.{{ testsite_domain }} - uid: 3000 public_key: "{{ lookup('file', inventory_dir + '/ssh/web.' + testsite_domain + '.pub') }}" ip: 10.32.64.18 - server: mail.{{ testsite_domain }} public_key: "{{ lookup('file', inventory_dir + '/ssh/mail.' + testsite_domain + '.pub') }}" ip: 10.32.64.15 + - server: ldap.{{ testsite_domain }} + public_key: "{{ lookup('file', inventory_dir + '/ssh/ldap.' + testsite_domain + '.pub') }}" + ip: 10.32.64.12 backup_host_ssh_private_keys: dsa: "{{ lookup('file', inventory_dir + '/ssh/backup_server_dsa_key') }}" diff --git a/testsite/group_vars/web.yml b/testsite/group_vars/web.yml index b3fbbd56ddb285a608be4ee248e046756cfb4623..e5fad8a233c4c9b9e0343830e9f21592cf62ee04 100644 --- a/testsite/group_vars/web.yml +++ b/testsite/group_vars/web.yml @@ -14,18 +14,3 @@ web_default_title: "Welcome to Example Inc." web_default_message: "You are attempting to access the web server using a wrong name or an IP address. Please check your URL." db_root_password: "root" - -backup_encryption_keys: - - "backup.{{ testsite_domain }}" - -backup_signing_key: "web.{{ testsite_domain }}" - -backup_server: "backup.{{ testsite_domain }}" - -backup_server_host_ssh_public_keys: - - "{{ lookup('file', inventory_dir + '/ssh/backup_server_dsa_key.pub') }}" - - "{{ lookup('file', inventory_dir + '/ssh/backup_server_rsa_key.pub') }}" - - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ed25519_key.pub') }}" - - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ecdsa_key.pub') }}" - -backup_ssh_key: "{{ lookup('file', inventory_dir + '/ssh/web.' + testsite_domain) }}"