diff --git a/roles/xmpp_server/tests/test_client.py b/roles/xmpp_server/tests/test_client.py
new file mode 100644
index 0000000000000000000000000000000000000000..bb55e42ca02fbdc88c24ebb6c7f08eb8bfa77a07
--- /dev/null
+++ b/roles/xmpp_server/tests/test_client.py
@@ -0,0 +1,80 @@
+import testinfra.utils.ansible_runner
+
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    '.molecule/ansible_inventory').get_hosts('client1')
+
+
+def test_connectivity(Command, Sudo):
+    """
+    Tests connectivity to the XMPP server (ports that should be reachable).
+    """
+
+    with Sudo():
+
+        for server in ["parameters-mandatory",
+                       "parameters-optional"]:
+            # c2s plaintext, c2s TLS, file proxy, s2s.
+            for port in [5222, 5223, 5000, 5269]:
+
+                ping = Command('hping3 -S -p %d -c 1 %s' % (port, server))
+                assert ping.rc == 0
+
+
+def test_tls(Command):
+    """
+    Tests if TLS works as expected.
+    """
+
+    send = Command("echo 'Hello' | sendxmpp -t -u john.doe -p johnpassword -j domain1:5222 john.doe@domain1")
+    assert send.rc == 0
+
+    send = Command("echo 'Hello' | sendxmpp -e -u john.doe -p johnpassword -j domain1:5223 john.doe@domain1")
+    assert send.rc == 0
+
+    send = Command("echo 'Hello' | sendxmpp -t -u jane.doe -p janepassword -j domain2:5222 jane.doe@domain2")
+    assert send.rc == 0
+
+    send = Command("echo 'Hello' | sendxmpp -e -u jane.doe -p janepassword -j domain2:5223 jane.doe@domain2")
+    assert send.rc == 0
+
+
+def test_authentication_requires_tls(Command):
+    """
+    Tests if authentication must be done over TLS.
+    """
+
+    command = Command("echo 'Hello' | sendxmpp -u bogus -p bogus -j domain1:5222 john.doe@domain1 -d")
+    assert "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>" in command.stderr
+
+    command = Command("echo 'Hello' | sendxmpp -u bogus -p bogus -j domain2:5222 jane.doe@domain2 -d")
+    assert "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>" in command.stderr
+
+
+def test_authentication(Command):
+    """
+    Tests if authentication works correctly.
+    """
+
+    send = Command("echo 'Hello' | sendxmpp -t -u john.doe -p johnpassword -j domain1:5222 john.doe@domain1")
+    assert send.rc == 0
+
+    send = Command("echo 'Hello' | sendxmpp -e -u john.doe -p johnpassword -j domain1:5223 john.doe@domain1")
+    assert send.rc == 0
+
+    send = Command("echo 'Hello' | sendxmpp -t -u jane.doe -p janepassword -j domain2:5222 jane.doe@domain2")
+    assert send.rc == 0
+
+    send = Command("echo 'Hello' | sendxmpp -e -u mick.doe -p mickpassword -j domain3:5223 mick.doe@domain3")
+    assert send.rc == 0
+
+
+def test_unauthorized_users_rejected(Command):
+    """
+    Tests if unauthorized users (present in LDAP, but not member of correct
+    group) are rejected from accessing the XMPP server.
+    """
+
+    send = Command("echo 'Hello' | sendxmpp -t -u noxmpp -p noxmpppassword -j domain1:5222 john.doe@domain1")
+    assert send.rc != 0
+    assert "Error 'AuthSend': error: not-authorized[?]" in send.stderr