diff --git a/roles/ldap/server/meta/main.yml b/roles/ldap/server/meta/main.yml
index ba5147e..700faae 100644
--- a/roles/ldap/server/meta/main.yml
+++ b/roles/ldap/server/meta/main.yml
@@ -1,5 +1,6 @@
 ---
 dependencies:
+ - {role: kerberos/client}
 - {role: ldap/client}
 - {role: saslauthd}
diff --git a/roles/ldap/server/tasks/main.yml b/roles/ldap/server/tasks/main.yml
index 9171db1..2299e1f 100644
--- a/roles/ldap/server/tasks/main.yml
+++ b/roles/ldap/server/tasks/main.yml
@@ -4,6 +4,7 @@
 name: "{{ item }}"
 state: installed
 with_items:
+ - cyrus-sasl-gssapi
 - openldap-servers
 - ldapvi
@@ -173,3 +174,11 @@
 name: slapd
 state: started
 enabled: true
+
+- name: create slapd keytab
+ import_role:
+ name: kerberos/keytab
+ vars:
+ keytab: /etc/openldap/slapd.keytab
+ principals: ["ldap/{{ inventory_hostname }}@{{ kerberos_realm }}"]
+ group: ldap
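Review bot: The new `create slapd keytab` task passes only `group: ldap` for `/etc/openldap/slapd.keytab`, so the owner and mode of a file holding the long-term key for `ldap/<host>@<realm>` depend entirely on the `kerberos/keytab` role, which is not visible in this diff. Anyone who can read that file can act as the LDAP service, so it is worth confirming the role leaves it readable by root and the `ldap` group only, and recording that above the task, e.g. `# keytab holds slapd's service key; must stay root:ldap 0640`. Separately, the principal is built from `inventory_hostname`; clients request the ticket for the hostname they resolve, so if inventory names are not the servers' FQDNs this would presumably need `ldap/{{ ansible_fqdn }}@{{ kerberos_realm }}` instead. Nothing in the visible hunks points slapd at this non-default keytab path, so that setting is assumed to live elsewhere in the role.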