diff --git a/tests/sanity-ldapdb-plugin/Makefile b/tests/sanity-ldapdb-plugin/Makefile
new file mode 100644
index 0000000..d6b4bcb
--- /dev/null
+++ b/tests/sanity-ldapdb-plugin/Makefile
@@ -0,0 +1,69 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Makefile of /CoreOS/cyrus-sasl/Sanity/sanity-ldapdb-plugin
+# Description: The ldapdb auxprop plugin provides access to credentials stored in an LDAP server.
+# Author: David Spurek
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2012 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/CoreOS/cyrus-sasl/Sanity/sanity-ldapdb-plugin
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+ ./runtest.sh
+
+build: $(BUILT_FILES)
+ test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+ rm -f *~ $(BUILT_FILES)
+
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+ @echo "Owner: David Spurek " > $(METADATA)
+ @echo "Name: $(TEST)" >> $(METADATA)
+ @echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
+ @echo "Path: $(TEST_DIR)" >> $(METADATA)
+ @echo "Description: The ldapdb auxprop plugin provides access to credentials stored in an LDAP server." >> $(METADATA)
+ @echo "Type: Sanity" >> $(METADATA)
+ @echo "TestTime: 15m" >> $(METADATA)
+ @echo "RunFor: cyrus-sasl" >> $(METADATA)
+ @echo "Requires: cyrus-sasl" >> $(METADATA)
+ @echo "Requires: cyrus-sasl-md5" >> $(METADATA)
+ @echo "Requires: cyrus-sasl-ldap" >> $(METADATA)
+ @echo "Requires: cyrus-sasl-plain cyrus-sasl-devel" >> $(METADATA)
+ @echo "Requires: expect" >> $(METADATA)
+ @echo "Requires: openldap-servers" >> $(METADATA)
+ @echo "Requires: openldap-clients" >> $(METADATA)
+ @echo "Priority: Normal" >> $(METADATA)
+ @echo "License: GPLv2" >> $(METADATA)
+ @echo "Confidential: no" >> $(METADATA)
+ @echo "Destructive: no" >> $(METADATA)
+
+ rhts-lint $(METADATA)
diff --git a/tests/sanity-ldapdb-plugin/PURPOSE b/tests/sanity-ldapdb-plugin/PURPOSE
new file mode 100644
index 0000000..754567a
--- /dev/null
+++ b/tests/sanity-ldapdb-plugin/PURPOSE
@@ -0,0 +1,3 @@
+PURPOSE of /CoreOS/cyrus-sasl/Sanity/sanity-ldapdb-plugin
+Description: The ldapdb auxprop plugin provides access to credentials stored in an LDAP server.
+Author: David Spurek
diff --git a/tests/sanity-ldapdb-plugin/runtest.sh b/tests/sanity-ldapdb-plugin/runtest.sh
new file mode 100755
index 0000000..372d697
--- /dev/null
+++ b/tests/sanity-ldapdb-plugin/runtest.sh
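Review bot: The generated metadata declares `Destructive: no`, but the runtest.sh added in the same commit overwrites /etc/openldap/slapd.conf, runs `rm -rf /etc/openldap/slapd.d/*` and `chmod -R a+rx /etc/openldap/`, so a scheduler that trusts this field may place the test on a host whose LDAP configuration matters. Unless the backup taken before setup (not readable on this page) fully covers those paths and their modes, `@echo "Destructive: yes" >> $(METADATA)` is the safer declaration. Separately, `.PHONY` lists `all install download clean` but not the `run` and `build` targets defined here; unless rhts-make.include already declares them, `.PHONY: all install download clean run build` keeps a stray file of that name from masking them.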
@@ -0,0 +1,249 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/cyrus-sasl/Sanity/sanity-ldapdb-plugin
+# Description: The ldapdb auxprop plugin provides access to credentials stored in an LDAP server.
+# Author: David Spurek
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2012 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/bin/rhts-environment.sh || exit 1
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="cyrus-sasl"
+
+PACKAGES=( "cyrus-sasl" \
+ "cyrus-sasl-devel" \
+ "cyrus-sasl-ldap" \
+ "cyrus-sasl-plain" \
+ "expect" \
+ "pam" \
+ "openldap" \
+ "openldap-clients" \
+ "openldap-servers" \
+ "cyrus-sasl-md5" )
+
+# else branch is also relevant for Fedora
+if rlIsRHEL '<6'; then
+ SERVICE_LDAP=ldap
+else
+ SERVICE_LDAP=slapd
+fi
+
+ldapdb_id="sasluser"
+ldapdb_pw="x"
+
+SASL_PASSWORD="x"
+SASL_USER="test"
+
+if [ "`uname -i`" = "i386" ]; then
+ LIBDIR=/usr/lib
+else
+ LIBDIR=/usr/lib64
+fi
+rlIsRHEL 5 && [ "`uname -i`" = "ia64" ] && LIBDIR=/usr/lib
+
+function slapd_conf {
+cat >/etc/openldap/slapd.conf<<'EOF'
+include /etc/openldap/schema/core.schema
+include /etc/openldap/schema/cosine.schema
+include /etc/openldap/schema/inetorgperson.schema
+include /etc/openldap/schema/nis.schema
+
+allow bind_v2
+
+pidfile /var/run/openldap/slapd.pid
+argsfile /var/run/openldap/slapd.args
+
+database bdb
+suffix "dc=my-domain,dc=com"
+rootdn "uid=admin,dc=my-domain,dc=com"
+rootpw x
+
+directory /var/lib/ldap
+
+password-hash {CLEARTEXT}
+
+authz-policy to
+authz-regexp
+ uid=(.*),cn=.*,cn=auth
+ "ldap:///dc=my-domain,dc=com??sub?(uid=$1)"
+
+index objectClass eq,pres
+index ou,cn,mail,surname,givenname eq,pres,sub
+index uidNumber,gidNumber,loginShell eq,pres
+index uid,memberUid eq,pres,sub
+index nisMapName,nisMapEntry eq,pres,sub
+
+access to * by * write
+access to * by * read
+access to * by * auth
+
+EOF
+return $?
+} + +function data_ldif { +cat >data.ldif<$LIBDIR/sasl2/sample.conf<=6' || rlIsFedora '>=14'; then + rm -rf /etc/openldap/slapd.d/* + slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ + fi + + rlRun "data_ldif" 0 + rlRun "slapadd -l data.ldif" 0 + + chown -R ldap:ldap /var/lib/ldap/* && chmod -R a+rx /etc/openldap/ + + rlRun "restorecon -vvRF /etc/openldap/" + rlRun "service $SERVICE_LDAP start && sleep 10" 0 + + rlPhaseEnd + + rlPhaseStartTest + rlRun "ldapsearch -LLL -H ldap://localhost -s base -b '' -x supportedSASLMechanisms" 0 + rlRun "ldapsearch -H ldap://localhost -x -b 'dc=my-domain,dc=com' '(objectclass=*)'" 0 "Check ldap entries without SASL" + + # this two ldapwhoami commands may be used for testing purposes + # rlRun "ldapwhoami -U $ldapdb_id -Y digest-md5" 0 + # rlRun "ldapwhoami -U $ldapdb_id -X u:test@localhost -Y digest-md5" 0 + + # sasl sample server uses ldap sasluser as sasl bind id + # then try search user passed to sample client in ldap database + rlRun "sasl2-sample-server -p 8000 -s rcmd -m PLAIN &>sample_server.log &" 0 + SASL_PID=`pgrep -f "sasl2-sample-server -p 8000 -s rcmd -m PLAIN"` + rlRun "sasl_client $SASL_USER ${SASL_PASSWORD}" 0 + rlRun "sasl_client baduser ${SASL_PASSWORD}" 9 + rlRun "kill $SASL_PID" 0 ; sleep 5 + rlRun "cat sample_server.log" 0 + rlPhaseEnd + + rlPhaseStartCleanup + rlRun "service $SERVICE_LDAP stop && sleep 10" 0 + rlFileRestore + rlServiceRestore $SERVICE_LDAP + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +rlJournalPrintText +rlJournalEnd diff --git a/tests/tests.yml b/tests/tests.yml new file mode 100644 index 0000000..cbafac9 --- /dev/null +++ b/tests/tests.yml 
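Review bot: The slapd.conf written by `slapd_conf` grants `access to * by * write`, so while the test's slapd is running any anonymous client that can reach it may modify the whole `dc=my-domain,dc=com` tree, including the `{CLEARTEXT}` passwords. slapd stops at the first matching `access to *` clause, so the `by * read` and `by * auth` lines after it never take effect. The test-phase commands visible here only search and authenticate, so a single `access to * by * read` (read implies auth) looks sufficient, to be confirmed against the ldapdb proxy-authorization lookup. In the setup phase, `chmod -R a+rx /etc/openldap/` also leaves the file holding `rootpw x` world-readable and sets the execute bit on every file. If the chmod exists only so the ldap user can read the regenerated config, something like `chown -R ldap:ldap /etc/openldap/slapd.d` would be narrower.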
@@ -0,0 +1,18 @@
+---
+# This first play always runs on the local staging system
+- hosts: localhost
+ roles:
+ - role: standard-test-beakerlib
+ tags:
+ - classic
+ tests:
+ - sanity-ldapdb-plugin
+ required_packages:
+ - cyrus-sasl
+ - cyrus-sasl-md5
+ - cyrus-sasl-ldap
+ - cyrus-sasl-plain
+ - cyrus-sasl-devel
+ - expect
+ - openldap-servers
+ - openldap-clients