diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index 6b7b810135..20e0d5f9f7 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -188,6 +188,18 @@ outputs:
                   - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+        step_4:
+          # There are cases where we need to refresh keystone after the resource provisioning,
+          # such as the case of using LDAP backends for domains. So we trigger a graceful
+          # restart [1], which shouldn't cause service disruption, but will reload new
+          # configurations for keystone.
+          # [1] https://httpd.apache.org/docs/2.4/stopping.html#graceful
+          keystone_refresh:
+            start_order: 1
+            action: exec
+            user: root
+            command:
+              [ 'keystone', 'pkill', '--signal', 'USR1', 'httpd' ]
       docker_puppet_tasks:
         # Keystone endpoint creation occurs only on single node
         step_3: