diff --git a/defaults.tf b/defaults.tf
new file mode 100644
index 0000000..71d8828
--- /dev/null
+++ b/defaults.tf
@@ -0,0 +1,6 @@
+locals {
+  _defaults = {
+    "force_detach_policies" = false
+    "max_session_duration"  = 3600
+  }
+}
diff --git a/provider.ldap.tf.old b/provider.ldap.tf.old
new file mode 100644
index 0000000..a23be2b
--- /dev/null
+++ b/provider.ldap.tf.old
@@ -0,0 +1,7 @@
+provider "ldap" {
+  ldap_host     = var.ldap_host
+  ldap_port     = var.ldap_port
+  use_tls       = true
+  bind_user     = var.ldap_user
+  bind_password = var.ldap_password
+}
diff --git a/variables.ldap.tf b/variables.ldap.tf
new file mode 100644
index 0000000..5b7f231
--- /dev/null
+++ b/variables.ldap.tf
@@ -0,0 +1,27 @@
+#---
+# ldap 
+#---
+variable "ldap_user" {
+  description = "LDAP user for writing data into eDirectory or Active Directory"
+  type        = string
+  default     = ""
+}
+
+variable "ldap_password" {
+  description = "LDAP password for ldap_user for writing data into eDirectory or Active Directory"
+  type        = string
+  default     = ""
+}
+
+variable "ldap_host" {
+  description = "LDAP Hostname (default is for eBOCAS)"
+  type        = string
+  default     = "ldap.e.tco.census.gov"
+}
+
+variable "ldap_port" {
+  description = "LDAP port (default is 389 but also using STARTTLS)"
+  type        = number
+  default     = 389
+}
+