diff --git a/ldap.yaml b/ldap.yaml
index d5b5616..55f996f 100644
--- a/ldap.yaml
+++ b/ldap.yaml
@@ -1,5 +1,5 @@
 ---
-- hosts: emmett
+- hosts: biff
   roles:
     - role: lxc_guest
       vm_name: ldap
diff --git a/roles/ldap/tasks/main.yaml b/roles/ldap/tasks/main.yaml
index 38c9cb6..a7f0cb9 100644
--- a/roles/ldap/tasks/main.yaml
+++ b/roles/ldap/tasks/main.yaml
@@ -88,10 +88,12 @@
   become_user: openldap
   notify: restart slapd
 
-- name: fix missing memberOf module load
-  lineinfile:
+- name: fix missing memberOf and pw-sha2 module load
+  blockinfile:
     dest: /etc/ldap/slapd.d/cn=config/cn=module{0}.ldif
-    line: "olcModuleLoad: {1}memberof"
+    content: |
+      olcModuleLoad: {1}memberof
+      olcModuleLoad: {2}pw-sha2
   notify: restart slapd
 - name: upload default tree
   template: