diff --git a/manifests/ldap.pp b/manifests/ldap.pp
index 33ff97785..05428e971 100644
--- a/manifests/ldap.pp
+++ b/manifests/ldap.pp
@@ -311,6 +311,10 @@
 #   Identity backend driver. (string value)
 #   Defaults to 'undef'
 #
+# [*credential_driver*]
+#   Credential backend driver. (string value)
+#   Defaults to 'undef'
+#
 # [*assignment_driver*]
 #   Assignment backend driver. (string value)
 #   Defaults to 'undef'
@@ -469,6 +473,7 @@ class keystone::ldap(
   $tls_req_cert                        = undef,
   $identity_driver                     = undef,
   $assignment_driver                   = undef,
+  $credential_driver                   = undef,
   $use_pool                            = false,
   $pool_size                           = 10,
   $pool_retry_max                      = 3,
@@ -677,6 +682,12 @@ class keystone::ldap(
       }
   }
 
+  if ($credential_driver != undef) {
+      if ! ($credential_driver =~ /^keystone.credential.backends.*Credential$/) {
+          fail('credential driver should be of the form \'keystone.credential.backends.*Credential\'')
+      }
+  }
+
   if ($tls_cacertdir != undef) {
     file { $tls_cacertdir:
       ensure => directory
@@ -762,6 +773,7 @@ class keystone::ldap(
     'ldap/auth_pool_size':                       value => $auth_pool_size;
     'ldap/auth_pool_connection_lifetime':        value => $auth_pool_connection_lifetime;
     'identity/driver':                           value => $identity_driver;
+    'credential/driver':                         value => $credential_driver;
     'assignment/driver':                         value => $assignment_driver;
   }
 }
diff --git a/spec/classes/keystone_ldap_spec.rb b/spec/classes/keystone_ldap_spec.rb
index 966ca6af7..ac3596b7d 100644
--- a/spec/classes/keystone_ldap_spec.rb
+++ b/spec/classes/keystone_ldap_spec.rb
@@ -73,6 +73,7 @@ describe 'keystone::ldap' do
         :tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt',
         :tls_req_cert => 'demand',
         :identity_driver => 'keystone.identity.backends.ldap.Identity',
+        :credential_driver => 'keystone.credential.backends.ldap.Credential',
         :assignment_driver => 'keystone.assignment.backends.ldap.Assignment',
         :use_pool => 'True',
         :pool_size => 20,
@@ -182,6 +183,7 @@ describe 'keystone::ldap' do
 
       # drivers
       is_expected.to contain_keystone_config('identity/driver').with_value('keystone.identity.backends.ldap.Identity')
+      is_expected.to contain_keystone_config('credential/driver').with_value('keystone.credential.backends.ldap.Credential')
       is_expected.to contain_keystone_config('assignment/driver').with_value('keystone.assignment.backends.ldap.Assignment')
     end
   end