diff --git a/ansible/roles/keystone/tasks/config.yml b/ansible/roles/keystone/tasks/config.yml index 0c55c7b6c1..e64a8d7df2 100644 --- a/ansible/roles/keystone/tasks/config.yml +++ b/ansible/roles/keystone/tasks/config.yml @@ -1,4 +1,8 @@ --- +- name: Check if Keystone Domain specific settings enabled + local_action: stat path="{{ node_custom_config }}/keystone/domains" + register: keystone_domain_cfg + - name: Ensuring config directories exist file: path: "{{ node_config_directory }}/{{ item }}" @@ -7,6 +11,15 @@ with_items: - "keystone" +- name: Creating Keystone Domain directory + file: + dest: "{{ node_config_directory }}/{{ item }}/domains/" + state: "directory" + when: + keystone_domain_cfg.stat.exists + with_items: + - "keystone" + - name: Copying over config.json files for services template: src: "{{ item }}.json.j2" @@ -29,6 +42,13 @@ with_items: - "keystone" +- name: Copying Keystone Domain specific settings + copy: + src: "{{ item }}" + dest: "{{ node_config_directory }}/keystone/domains/" + with_fileglob: + - "{{ node_custom_config }}/keystone/domains/*" + - name: Copying over wsgi-keystone.conf template: src: "wsgi-keystone.conf.j2" diff --git a/ansible/roles/keystone/templates/keystone.conf.j2 b/ansible/roles/keystone/templates/keystone.conf.j2 index 512fa1dabe..f5c9054deb 100644 --- a/ansible/roles/keystone/templates/keystone.conf.j2 +++ b/ansible/roles/keystone/templates/keystone.conf.j2 @@ -10,6 +10,12 @@ secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO connection = mysql+pymysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ keystone_database_address }}/{{ keystone_database_name }} max_retries = -1 +{% if keystone_domain_cfg.stat.exists %} +[identity] +domain_specific_drivers_enabled = true +domain_config_dir = /etc/keystone/domains +{% endif %} + [cache] backend = oslo_cache.memcache_pool enabled = True 
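Review bot: The `Check if Keystone Domain specific settings enabled` task records only that the path exists, so a regular file named `domains` under `{{ node_custom_config }}/keystone` enables the feature just as a directory would. The registered result gates both the directory-creation task and the `[identity]` block in keystone.conf.j2, so the condition is safer written as `keystone_domain_cfg.stat.exists and keystone_domain_cfg.stat.isdir` where it is consumed. A short comment above the task, such as `# Presence of this directory on the deploy host enables domain-specific identity drivers`, would make that side effect visible to operators.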
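Review bot: The `Creating Keystone Domain directory` task sets no `mode`, so the directory gets whatever the remote umask yields; the `Copying Keystone Domain specific settings` task in the third hunk of this file has the same gap for the copied files. Domain-specific Keystone files commonly hold LDAP bind credentials, so I would state the permissions explicitly, for example `mode: "0700"` on the directory and `mode: "0600"` on the `copy`. Whether a restrictive parent directory already covers this is not visible in the hunk, so confirm that before relying on it.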
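Review bot: The `Copying Keystone Domain specific settings` task only ever adds files, so a domain file deleted from `{{ node_custom_config }}/keystone/domains` remains in `{{ node_config_directory }}/keystone/domains/` on the target. Since keystone.json.j2 hands the whole `domains` directory to the container, a removed identity backend would presumably stay configured after the next deploy. Consider clearing the destination before the copy, or documenting that withdrawing a domain needs manual cleanup. The task also lacks the `when: keystone_domain_cfg.stat.exists` guard used by the directory-creation task; `with_fileglob` on a missing directory should yield no items, but the guard would keep the two tasks consistent.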
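Review bot: The `{% if keystone_domain_cfg.stat.exists %}` guard reads a variable that exists only when the stat task in tasks/config.yml has already run for this host in the same play. If the template is rendered on a path that skips that task (a tag-limited run, or another task file reusing the template), rendering fails on an undefined variable instead of falling back to the default identity settings. A template comment above the block, e.g. `{# keystone_domain_cfg is registered in tasks/config.yml #}`, would document the coupling. The rest of keystone.conf.j2 lies outside the hunk, so check that no `[identity]` section already exists further down.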
diff --git a/ansible/roles/keystone/templates/keystone.json.j2 b/ansible/roles/keystone/templates/keystone.json.j2 index b5ecc3db8e..21cc9559ec 100644 --- a/ansible/roles/keystone/templates/keystone.json.j2 +++ b/ansible/roles/keystone/templates/keystone.json.j2 @@ -9,6 +9,13 @@ "owner": "keystone", "perm": "0600" }, + { + "source": "{{ container_config_directory }}/domains", + "dest": "/etc/keystone/domains", + "owner": "keystone", + "perm": "0600", + "optional": true + }, { "source": "{{ container_config_directory }}/wsgi-keystone.conf", "dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf", diff --git a/releasenotes/notes/support-ldap-e678ce5b0a7eaedb.yaml b/releasenotes/notes/support-ldap-e678ce5b0a7eaedb.yaml new file mode 100644 index 0000000000..997dc06f24 --- /dev/null +++ b/releasenotes/notes/support-ldap-e678ce5b0a7eaedb.yaml @@ -0,0 +1,4 @@ +--- +features: + - LDAP & AD support has been added to the base images, and support + for Keystone multidomains config files.
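Review bot: The new `domains` entry applies `"perm": "0600"` to a directory, and a directory without the execute bit cannot be traversed even by its owner. Whether this causes a failure depends on how the container's config loader applies `perm` to directory sources (to the directory, to the files inside, or both), which is not visible in this hunk. If the value is applied to the directory as-is, the `keystone` user would be unable to read the domain files under `/etc/keystone/domains`. Confirm the loader's behaviour, and use a directory-appropriate value such as `"perm": "0700"` if it is applied directly.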