Keystone bootstrap failed when using LDAP

During a recent upgrade to Mitaka I ran into a failed keystone service setup:

failed: [infra01_keystone_container-e283bc6c] => {"attempts": 5, "changed": true, "cmd": ["/openstack/venvs/keystone-13.3.14/bin/keystone-manage", "bootstrap", "--bootstrap-username", "admin", "--bootstrap-password", "Password", "--bootstrap-project-name", "admin", "--bootstrap-role-name", "admin", "--bootstrap-service-name", "keystone", "--bootstrap-region-id", "RegionOne", "--bootstrap-admin-url", "http://1.2.3.4:35357/v3", "--bootstrap-public-url", "https://1.2.3.4:5000/v3", "--bootstrap-internal-url", "http://1.2.3.4:5000/v3"], "delta": "0:00:02.667424", "end": "2017-07-22 16:12:50.930395", "failed": true, "rc": 1, "start": "2017-07-22 16:12:48.262971", "warnings": []}

which was hit when using LDAP inside keystone.
As workaround I did setup keystone_service_setup to false to skip adding the endpoints.
I am wondering if we can skip this task in general when keystone_ldap contains a configuration or if we have a real keystone issue to look into