diff --git a/defaults/main.yml b/defaults/main.yml index 2af0baaf..882383b5 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -134,6 +134,9 @@ keystone_ssl_cipher_suite: "{{ ssl_cipher_suite }}" # password: "secrete" # ... +keystone_ldap_identity_driver: keystone.identity.backends.ldap.Identity +keystone_ldap_domain_config_dir: /etc/keystone/domains + ## Policy vars # Provide a list of access controls to update the default policy.json with. These changes will be merged # with the access controls in the default policy.json. E.g. diff --git a/tasks/keystone_post_install.yml b/tasks/keystone_post_install.yml index f25e0efd..09d07fa7 100644 --- a/tasks/keystone_post_install.yml +++ b/tasks/keystone_post_install.yml @@ -21,6 +21,7 @@ group: "{{ keystone_system_group_name }}" with_items: - { src: "keystone.conf.j2", dest: "/etc/keystone/keystone.conf" } + - { src: "keystone.Default.conf.j2", dest: "{{ keystone_ldap_domain_config_dir }}/keystone.Default.conf" } notify: - Restart Apache tags: diff --git a/tasks/keystone_pre_install.yml b/tasks/keystone_pre_install.yml index 9c27804a..d03248e1 100644 --- a/tasks/keystone_pre_install.yml +++ b/tasks/keystone_pre_install.yml @@ -41,6 +41,7 @@ group: "{{ item.group|default(keystone_system_group_name) }}" with_items: - { path: "/etc/keystone" } + - { path: "{{ keystone_ldap_domain_config_dir }}" } - { path: "/etc/keystone/ssl" } - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" } - { path: "{{ keystone_system_user_home }}" } diff --git a/templates/keystone.Default.conf.j2 b/templates/keystone.Default.conf.j2 new file mode 100644 index 00000000..96c62ee2 --- /dev/null +++ b/templates/keystone.Default.conf.j2 
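Review bot: The two new variables in the defaults hunk carry no comment, unlike the commented `keystone_ldap` example just above them, so a deployer gets no hint that whatever is written under `keystone_ldap_domain_config_dir` is picked up by keystone as a per-domain identity backend and that the rendered file will contain the LDAP bind `password` from `keystone_ldap`. I would add above them: `# keystone loads every keystone.<domain>.conf found in this directory as that domain's identity config; the rendered keystone.Default.conf holds the LDAP bind credentials, so keep it readable by the keystone user only.` The driver value is the full class path form; whether the target keystone release still accepts that rather than the short entry-point name is not visible from this diff and worth confirming.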
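Review bot: The new `keystone.Default.conf` item in the post_install hunk is rendered from `keystone_ldap`, which per the defaults example includes the LDAP bind `password`, yet the item sets no `mode` and the task's own `mode:` line, if there is one, sits above the hunk and is not visible here. Unless the task already forces a restrictive mode for every item, I would write `- { src: "keystone.Default.conf.j2", dest: "{{ keystone_ldap_domain_config_dir }}/keystone.Default.conf", mode: "0640" }` and make sure the task honours `item.mode`. The item is also deployed unconditionally, so when `keystone_ldap` is undefined an essentially empty domain file is still written; either move it to its own task with `when: keystone_ldap is defined` or add a comment stating that the empty file is intentional and harmless while `domain_specific_drivers_enabled` is off.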
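Review bot: The domains directory added in the pre_install hunk takes the task's default owner, group and mode, but it is going to hold `keystone.Default.conf` with the LDAP bind password, and the same list already shows how an entry is tightened (`/etc/sudoers.d` with `mode: "0750"`). Unless the task default, which is above the hunk and not visible, is already restrictive, I would write `- { path: "{{ keystone_ldap_domain_config_dir }}", mode: "0750" }` so the credential file is not listable by other local users. This matters beyond secrecy: as far as I recall keystone reads every `keystone.*.conf` in that directory once domain-specific drivers are on, so anyone able to drop a file there effectively defines an identity backend.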
@@ -0,0 +1,12 @@ +# LDAP configuration options +{% if keystone_ldap is defined %} +[identity] +driver = {{ keystone_ldap_identity_driver }} + +{% for section in keystone_ldap|dictsort %} +[{{ section.0 }}] +{% for key, value in section.1.items() %} +{{ key }} = {{ value }} +{% endfor %} +{% endfor %} +{% endif %} diff --git a/templates/keystone.conf.j2 b/templates/keystone.conf.j2 index 065e28e2..520e8909 100644 --- a/templates/keystone.conf.j2 +++ b/templates/keystone.conf.j2 @@ -56,6 +56,10 @@ pool_timeout = {{ keystone_database_pool_timeout }} [identity] driver = {{ keystone_identity_driver }} +{% if keystone_ldap is defined %} +domain_config_dir = {{ keystone_ldap_domain_config_dir }} +domain_specific_drivers_enabled = True +{% endif %} [assignment] @@ -68,16 +72,6 @@ caching = true driver = {{ keystone_resource_driver }} -{% if keystone_ldap is defined %} -{% for section in keystone_ldap|dictsort %} -[{{ section.0 }}] -{% for key, value in section.1.items() %} -{{ key }} = {{ value }} -{% endfor %} -{% endfor %} -{% endif %} - - [token] enforce_token_bind = permissive expiration = {{ keystone_token_expiration }}
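Review bot: The new template always emits its own `[identity]` section and then renders every key of `keystone_ldap|dictsort` as a further section, so a `keystone_ldap` that itself contains an `identity` key (plausible, since this same dict used to be rendered straight into keystone.conf) yields two `[identity]` sections, and as far as I can tell the config parser resolves that silently rather than failing. Either skip that key in the loop, `{% for section in keystone_ldap|dictsort if section.0 != 'identity' %}`, or state at the top that `keystone_ldap` must not carry an `identity` section. The header comment should also say why the file is named `keystone.Default.conf` (keystone maps the file name to the domain called Default) and that values, including `password`, are written verbatim with no quoting or escaping, so a value containing a newline or `#` changes the meaning of the file.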
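Review bot: The guard in the keystone.conf hunk is `keystone_ldap is defined`, so an inventory that sets `keystone_ldap: {}` (defined but empty) still enables domain-specific drivers and, via the companion template, leaves the Default domain on an LDAP identity driver with no `[ldap]` section at all, i.e. library defaults; `{% if keystone_ldap is defined and keystone_ldap %}` would be the tighter condition, applied in both templates. Separately, `domain_specific_drivers_enabled = True` makes keystone read every `keystone.<domain>.conf` under `domain_config_dir`, while the role only ever writes `keystone.Default.conf` and never removes anything, so a stale or hand-placed domain file keeps defining a backend across runs. A comment above the block, `# every keystone.<domain>.conf in domain_config_dir becomes that domain's identity backend; this role manages only keystone.Default.conf`, would at least make that visible to operators.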