diff --git a/docs/releasenotes.rst b/docs/releasenotes.rst
index 96265c7d1a6f19098b7b2fde7de2eab5de471358..d15411ae55ed2e89413a793ef9aa6c7196c4311a 100644
--- a/docs/releasenotes.rst
+++ b/docs/releasenotes.rst
@@ -35,6 +35,8 @@ Breaking changes:
 * ``ldap_server`` role
+ * Parameter ``ldap_server_domain`` is now mandatory.
+
 * Updated default set of TLS ciphers used by server (``ldap_tls_ciphers`` parameter). All CBC ciphers have been dropped. This could introduce incompatibility with older clients
diff --git a/docs/rolereference.rst b/docs/rolereference.rst
index e0a2e78610898664d259da55fe8cb964482f206b..d2fd1ed45f2dfc0e42cac399aafecde15ec8c013 100644
--- a/docs/rolereference.rst
+++ b/docs/rolereference.rst
@@ -714,11 +714,11 @@ Parameters
 - **state** (state of the group, optional, defaults to ``present``, this should be ``present`` or ``absent``, allowing for removal of old groups)
-**ldap_server_domain** (string, optional, ``{{ ansible_domain }}``)
+**ldap_server_domain** (string, mandatory)
 Domain that should be used for constructing the base DN of default user LDAP database. This should be a sub-domain dedicated to organisation. The base DN will be constructed by putting all elements of the sub-domain as ``dc``
- entries (as per standard Debian convention). I.e. ``example.com`` would get
+ entries (as per standard Debian convention). E.g. ``example.com`` would get
 transformed into ``dc=example,dc=com``.
 **ldap_server_organization** (string, optional, ``Private``)
diff --git a/roles/ldap_server/defaults/main.yml b/roles/ldap_server/defaults/main.yml
index bc5466ba468b2ec8bf3add2e2b6bee44de7b7878..208e3fa0c8d9a4a957be8a798f02a1a5077a7dce 100644
--- a/roles/ldap_server/defaults/main.yml
+++ b/roles/ldap_server/defaults/main.yml
@@ -2,7 +2,6 @@
 enable_backup: false
 ldap_entries: []
-ldap_server_domain: "{{ ansible_domain }}"
 # Internal value, base DN.
 ldap_server_int_basedn: "{{ ldap_server_domain | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}"
 ldap_server_organization: "Private"
diff --git a/roles/ldap_server/molecule/default/group_vars/parameters-mandatory.yml b/roles/ldap_server/molecule/default/group_vars/parameters-mandatory.yml
index 079f29955f5fee0af3591bce03900e605ffc13e1..607f56184812c7162ee4978ccef930c5783abdab 100644
--- a/roles/ldap_server/molecule/default/group_vars/parameters-mandatory.yml
+++ b/roles/ldap_server/molecule/default/group_vars/parameters-mandatory.yml
@@ -2,6 +2,8 @@
 ldap_admin_password: adminpassword
+ldap_server_domain: "local"
+
 ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/{{ inventory_hostname }}_ldap.cert.pem') }}"
 ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/server/{{ inventory_hostname }}_ldap.key.pem') }}"
diff --git a/roles/ldap_server/molecule/default/molecule.yml b/roles/ldap_server/molecule/default/molecule.yml
index 3e90fe5f1cd5135702d73928f1c097160b4a26ca..681b9238eacd0e73db72212b23c4eecc77450f31 100644
--- a/roles/ldap_server/molecule/default/molecule.yml
+++ b/roles/ldap_server/molecule/default/molecule.yml
@@ -24,7 +24,7 @@ platforms:
 network_name: private_network
 type: static
- - name: parameters-mandatory-stretch64.local
+ - name: parameters-mandatory-stretch64
 groups:
 - parameters-mandatory
 box: debian/contrib-stretch64
diff --git a/roles/ldap_server/molecule/default/prepare.yml b/roles/ldap_server/molecule/default/prepare.yml
index 7325fe141a03fda734ff3a57120daa705f15f746..4a8e9c7c69e30a6a672665d62896646fef78231e 100644
--- a/roles/ldap_server/molecule/default/prepare.yml
+++ b/roles/ldap_server/molecule/default/prepare.yml
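Review bot: The mandatory scenario now supplies `ldap_server_domain: "local"`, but nothing in this diff adds a validation step for the parameter whose default was dropped from roles/ldap_server/defaults/main.yml; if the role's task list (outside this diff) carries no such check, an inventory that omits the value fails only when `ldap_server_int_basedn` is rendered, with a Jinja undefined-variable error instead of a message naming the missing parameter. A guard at the start of the role, e.g. `- assert: {that: "ldap_server_domain is defined", msg: "Parameter ldap_server_domain is mandatory."}`, would make the new contract explicit and fail early. The single-label test value also means this scenario only exercises a one-component base DN (`dc=local`); the multi-label branch of the `regex_replace` derivation is presumably covered by the optional scenario, which is worth confirming.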
@@ -23,8 +23,8 @@
 - "{{ item.name }}"
 - "{{ item.fqdn }}"
 with_items:
- - name: parameters-mandatory-stretch64.local_ldap
- fqdn: parameters-mandatory.local
+ - name: parameters-mandatory-stretch64_ldap
+ fqdn: parameters-mandatory
 - name: parameters-optional-stretch64_ldap
 fqdn: parameters-optional
@@ -79,7 +79,7 @@
 mode: 0644
 state: present
 with_dict:
- 10.31.127.22: parameters-mandatory-stretch64.local
+ 10.31.127.22: parameters-mandatory-stretch64
 10.31.127.23: parameters-optional-stretch64
 - hosts: parameters-optional
@@ -112,7 +112,7 @@
 mode: 0644
 state: present
 with_dict:
- 127.0.2.1: parameters-mandatory.local
+ 127.0.2.1: parameters-mandatory
 - hosts: backup-server
 become: true
diff --git a/roles/ldap_server/molecule/default/tests/test_mandatory.py b/roles/ldap_server/molecule/default/tests/test_mandatory.py
index 8bdafacc5c7f210c5cdf966babd6a5983c17155c..ad57079a60c68719fbcce6005d4dd498efe2ff74 100644
--- a/roles/ldap_server/molecule/default/tests/test_mandatory.py
+++ b/roles/ldap_server/molecule/default/tests/test_mandatory.py
@@ -59,11 +59,11 @@ def test_tls_connectivity(host):
 STARTTLS/TLS.
 """
- starttls = host.run('ldapwhoami -Z -x -H ldap://parameters-mandatory.local/')
+ starttls = host.run('ldapwhoami -Z -x -H ldap://parameters-mandatory/')
 assert starttls.rc == 0
 assert starttls.stdout == 'anonymous\n'
- tls = host.run('ldapwhoami -x -H ldaps://parameters-mandatory.local/')
+ tls = host.run('ldapwhoami -x -H ldaps://parameters-mandatory/')
 assert tls.rc == 0
 assert tls.stdout == 'anonymous\n'
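Review bot: The assertions on the new `starttls` and `tls` lines in test_tls_connectivity check only `rc == 0` and the whoami output, so whether the server certificate is actually validated against the renamed `parameters-mandatory` host depends on the `TLS_REQCERT` setting in the client's ldap.conf, which is outside this diff; with a permissive setting the test would still pass if the certificate no longer matched the new name. Forcing verification from the test itself, e.g. `starttls = host.run('LDAPTLS_REQCERT=demand ldapwhoami -Z -x -H ldap://parameters-mandatory/')` and the same prefix on the `ldaps://` call, makes the hostname change in this commit observable by the test rather than dependent on host configuration. The function starts above the hunk; only the tail of its docstring is visible here.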