diff --git a/files/ldap/openstack.ldif b/files/ldap/openstack.ldif
index 287fda4521..00c9861d6d 100644
--- a/files/ldap/openstack.ldif
+++ b/files/ldap/openstack.ldif
@@ -19,3 +19,8 @@ ou: Roles
 dn: ou=Projects,dc=openstack,dc=org
 objectClass: organizationalUnit
 ou: Projects
+
+dn: cn=9fe2ff9ee4384b1894a90878d3e92bab,ou=Roles,dc=openstack,dc=org
+objectClass: organizationalRole
+ou: _member_
+cn: 9fe2ff9ee4384b1894a90878d3e92bab
diff --git a/lib/keystone b/lib/keystone
index 866c62e165..a1a57f83bd 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -99,6 +99,16 @@ function configure_keystone() {
 iniset $KEYSTONE_CONF ldap password $LDAP_PASSWORD
 iniset $KEYSTONE_CONF ldap user "dc=Manager,dc=openstack,dc=org"
 iniset $KEYSTONE_CONF ldap suffix "dc=openstack,dc=org"
+ iniset $KEYSTONE_CONF ldap use_dumb_member "True"
+ iniset $KEYSTONE_CONF ldap user_attribute_ignore "enabled,email,tenants,tenantId"
+ iniset $KEYSTONE_CONF ldap tenant_attribute_ignore "enabled"
+ iniset $KEYSTONE_CONF ldap tenant_domain_id_attribute "businessCategory"
+ iniset $KEYSTONE_CONF ldap tenant_desc_attribute "description"
+ iniset $KEYSTONE_CONF ldap tenant_tree_dn "ou=Projects,dc=openstack,dc=org"
+ iniset $KEYSTONE_CONF ldap user_domain_id_attribute "businessCategory"
+ iniset $KEYSTONE_CONF ldap user_tree_dn "ou=Users,dc=openstack,dc=org"
+ iniset $KEYSTONE_CONF DEFAULT member_role_id "9fe2ff9ee4384b1894a90878d3e92bab"
+ iniset $KEYSTONE_CONF DEFAULT member_role_name "_member_"
 fi
 if [[ "$KEYSTONE_IDENTITY_BACKEND" == "ldap" ]]; then
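Review bot: The role id `9fe2ff9ee4384b1894a90878d3e92bab` in the new `organizationalRole` entry is an unexplained literal that is repeated as `member_role_id` in the lib/keystone hunk of this commit, and nothing on either side says the two must match. If they drift apart, Keystone would be configured with a member role id that the seeded directory does not contain, so default role assignment would presumably break or end up on a different role than intended. I would add an LDIF comment above the entry, `# _member_ role; cn must stay equal to member_role_id written by lib/keystone`, and the mirror-image comment above the two `DEFAULT member_role_*` lines there.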
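Review bot: Listing `enabled` in `user_attribute_ignore` and `tenant_attribute_ignore` needs a comment, because it has an access-control consequence. With the attribute ignored there is nothing in the directory to record a disabled state, so as far as I can tell every LDAP user and project is treated as enabled, and disabling an account through the Identity API would not stop it authenticating. If that is acceptable for a development setup, say so above the lines, e.g. `# 'enabled' is not stored in this LDAP schema: users/projects cannot be disabled through keystone`. The enclosing `if` and the rest of `configure_keystone` start outside this hunk, so I cannot confirm which condition guards these settings; the two `DEFAULT member_role_*` lines should only be written when the LDAP identity backend is actually selected.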