diff --git a/manifests/lam.pp b/manifests/lam.pp
index b35db35..eb0a41a 100644
--- a/manifests/lam.pp
+++ b/manifests/lam.pp
@@ -5,11 +5,23 @@
 class wmdeit_ldap::lam(
 	$archive = "lam_7_2.tar.gz",
 	$domain = 'default1',
+	$logdestination = "SYSLOG",
+	$lamloglevel = 4,
+	$master_password = "lam",
+	$master_password_salt = "ABCD1234",
 
 ) {
 	$arcfile = "/tmp/$archive"
 	$extractdir = "/var/www/ldapaccountmanager"
 	$docroot = "$extractdir/lam"
+	
+	$encoded_master_password= strip (regsubst(
+		generate ("/bin/sh", "-c", "echo -n $master_password$master_password_salt | openssl dgst -binary -sha1 | openssl base64")
+		, '\n', "\n "))
+
+	$encoded_master_password_salt = strip(regsubst(
+		 generate("/bin/sh","-c", "echo -n $master_password_salt | openssl base64")
+		,  '\n', "\n "))
 
         class { 'apache':
 		default_vhost => false,
@@ -49,6 +61,11 @@ class wmdeit_ldap::lam(
 	file {["$docroot/tmp","$docroot/sess"]:
 		ensure => directory,
 		owner => "www-data"	
+	} ->
+	file {"$docroot/config/config.cfg":
+		ensure => file,
+		content => template("wmdeit_ldap/lam-config.cfg.erb"),
+		owner => "www-data",
 	}
 
 }
diff --git a/templates/lam-config.cfg.erb b/templates/lam-config.cfg.erb
new file mode 100644
index 0000000..470e5d7
--- /dev/null
+++ b/templates/lam-config.cfg.erb
@@ -0,0 +1,12 @@
+
+# password to add/delete/rename configuration profiles (default: lam)
+password: {SSHA}<%= @encoded_master_password %> <%= @encoded_master_password_salt %>
+
+# default profile, without ".conf"
+default: lam
+
+# log level
+logLevel: 4
+
+# log destination
+logDestination: <%= @logdestination %>