diff --git a/playbooks/roles/os_keystone/defaults/main.yml b/playbooks/roles/os_keystone/defaults/main.yml
index e8ede18c76..f57fb3cc71 100644
--- a/playbooks/roles/os_keystone/defaults/main.yml
+++ b/playbooks/roles/os_keystone/defaults/main.yml
@@ -346,6 +346,7 @@ keystone_pip_packages:
   - pycrypto
   - pysaml2
   - python-keystoneclient
+  - python-ldap
   - python-memcached
   - python-openstackclient
   - repoze.lru
diff --git a/playbooks/roles/os_keystone/templates/keystone.conf.j2 b/playbooks/roles/os_keystone/templates/keystone.conf.j2
index 802904e6f8..60d1611458 100644
--- a/playbooks/roles/os_keystone/templates/keystone.conf.j2
+++ b/playbooks/roles/os_keystone/templates/keystone.conf.j2
@@ -66,7 +66,7 @@ max_active_keys = {{ keystone_fernet_tokens_max_active_keys }}
 
 [identity]
 driver = {{ keystone_identity_driver }}
-{% if keystone_ldap is defined %}
+{% if keystone_ldap is defined and keystone_ldap.ldap %}
 domain_config_dir = {{ keystone_ldap_domain_config_dir }}
 domain_specific_drivers_enabled = True
 {% endif %}