diff --git a/modules/server/taf/default.nix b/modules/server/taf/default.nix index 3abc95e..ec6e4fb 100644 --- a/modules/server/taf/default.nix +++ b/modules/server/taf/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{ config, ... }: { mailserver = { @@ -15,6 +15,26 @@ ldap = { enable = true; + + uris = [ "ldaps://" ]; + searchBase = "dc=auth,dc=lyes,dc=eu"; + searchScope = "sub"; + + bind = { + dn = "dn=token,dc=auth,dc=lyes,dc=eu"; + passwordFile = config.age.secrets.taf-token.path; + }; + + dovecot = { + userFilter = "(mail=%u)"; + passFilter = "(mail=%u)"; + }; + + postfix = { + filter = "(mail=%s)"; + mailAttribute = "mail"; + uidAttribute = "name"; + }; }; extraVirtualAliases = { @@ -23,4 +43,23 @@ certificateScheme = "acme-nginx"; }; + + services.roundcube = { + enable = true; + + hostName = "mail.lyes.eu"; + extraConfig = '' + $config['smtp_host'] = "tls://taf.lyes.eu"; + $config['smtp_port'] = 587; + $config['smtp_user'] = "%u"; + $config['smtp_pass'] = "%p"; + ''; + }; + + age.secrets = { + taf-token = { + owner = "postfix"; + file = ../../../secrets/zora/services/taf-token.age; + }; + }; } diff --git a/secrets.nix b/secrets.nix index b72bf1d..77739cc 100644 --- a/secrets.nix +++ b/secrets.nix @@ -12,4 +12,5 @@ in # Zora "secrets/zora/services/kanidm-admin-password.age".publicKeys = all; "secrets/zora/services/kanidm-idm-admin-password.age".publicKeys = all; + "secrets/zora/services/taf-token.age".publicKeys = all; } diff --git a/secrets/zora/services/taf-token.age b/secrets/zora/services/taf-token.age new file mode 100644 index 0000000..a5ac55e Binary files /dev/null and b/secrets/zora/services/taf-token.age differ
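Review bot: The `dovecot.userFilter`, `dovecot.passFilter` and `postfix.filter` added to the `ldap` block match on `mail` alone, so with `searchScope = "sub"` any entry under `dc=auth,dc=lyes,dc=eu` that carries a matching mail attribute is accepted as a mailbox identity, including service or disabled accounts if the directory returns them to this bind. Consider scoping the filters to a dedicated group, for example `(&(memberof=<MAIL_USERS_GROUP_DN>)(mail=%u))`, where the group DN is a placeholder and the attribute name should be checked against what the directory exposes. Separately, `uris = [ "ldaps://" ]` carries no host as shown; if that is literal rather than an artefact of how the page was captured, the client presumably falls back to its default host, and naming the directory host explicitly would make the bind target and the certificate name check unambiguous.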
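Review bot: `age.secrets.taf-token` sets `owner = "postfix"`, but the same `passwordFile` sits under the shared `ldap.bind` block, so Dovecot presumably needs the token too. If the mailserver module reads the file as root while generating the Postfix and Dovecot LDAP configs (not visible in this diff), the default root ownership is tighter and the `owner` line can be dropped. If each daemon opens the file itself, Dovecot would likely be unable to read a file owned by `postfix`. A one-line comment on the secret stating who reads it, such as `# LDAP bind token; read by <READER> at service start`, would settle this for the next maintainer.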
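Review bot: `"secrets/zora/services/taf-token.age".publicKeys = all;` encrypts the LDAP bind token to every key in `all`, whose definition lies above this hunk. If `all` includes hosts or users that never run the mail server, each of them can decrypt a credential that binds to the directory. Restricting the recipients to the mail host and the admins who rekey, e.g. `publicKeys = [ <MAIL_HOST_KEY> <ADMIN_KEY> ];` (placeholder names), limits what a compromise of an unrelated machine exposes. The two kanidm entries in the context lines use the same `all` list, so the same question applies to them.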