diff --git a/roles/krb5-kdc-ldap/handlers/main.yml b/roles/krb5-kdc-ldap/handlers/main.yml
index dd749e0..098de30 100644
--- a/roles/krb5-kdc-ldap/handlers/main.yml
+++ b/roles/krb5-kdc-ldap/handlers/main.yml
@@ -1,7 +1,11 @@
+- name: restart slapd
+  systemd: name=slapd state=restarted enabled=yes
+  listen: "restart slapd"
+
 - name: restart krb5-kdc
-  service: name=krb5-kdc state=restarted enabled=yes
+  systemd: name=krb5-kdc state=restarted enabled=yes
   listen: "restart krb5-kdc"
 
 - name: restart krb5-admin-server
-  service: name=krb5-admin-server state=restarted enabled=yes
+  systemd: name=krb5-admin-server state=restarted enabled=yes
   listen: "restart krb5-admin-server"
diff --git a/roles/krb5-kdc-ldap/tasks/main.yml b/roles/krb5-kdc-ldap/tasks/main.yml
index cb6e78c..dec714d 100644
--- a/roles/krb5-kdc-ldap/tasks/main.yml
+++ b/roles/krb5-kdc-ldap/tasks/main.yml
@@ -173,6 +173,7 @@
   with_items:
     - host
     - ldap
+    - HTTP
   when: not krb5kdc.stat.exists
 
 - name: add principal to the keytab
@@ -180,6 +181,7 @@
   with_items:
     - host
     - ldap
+    - HTTP
   when: not krb5kdc.stat.exists
 
 - name: allow slapd to read the keytab
@@ -188,6 +190,7 @@
     owner: root
     group: openldap
     mode: '0640'
+  notify: restart slapd
 
 - name: "make 'kerberos' an alias hostname resolvable from the LAN"
   replace: