Use ansible_domain everywhere and bail out if it is empty.

roles/krb5-kdc-ldap/templates/kadm5.acl.j2

@@ -1,4 +1,4 @@
 ## access controls for the Kerberos KDC
-root/admin@{{ ldap_domain | upper }} *
-*@{{ ldap_domain | upper }} cil
-*/*@{{ ldap_domain | upper }} i
+root/admin@{{ ansible_domain | upper }} *
+*@{{ ansible_domain | upper }} cil
+*/*@{{ ansible_domain | upper }} i

roles/krb5-kdc-ldap/templates/kdc.conf.j2

@@ -2,7 +2,7 @@
     kdc_ports = 750,88
 
 [realms]
-    {{ ldap_domain | upper }} = {
+    {{ ansible_domain | upper }} = {
         admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
         acl_file = /etc/krb5kdc/kadm5.acl
         key_stash_file = /etc/krb5kdc/stash

roles/krb5-kdc-ldap/templates/krb5.conf.j2

@@ -1,16 +1,16 @@
 [libdefaults]
-        default_realm = {{ ldap_domain | upper }}
+        default_realm = {{ ansible_domain | upper }}
 
 [realms]
-        {{ ldap_domain | upper }} = {
+        {{ ansible_domain | upper }} = {
                 kdc = {{ ansible_hostname }}
                 admin_server = {{ ansible_hostname }}
                 database_module = LDAP
         }
 
 [domain_realm]
-        .{{ ldap_domain }} = {{ ldap_domain | upper }}
-        {{ ldap_domain }} = {{ ldap_domain | upper }}
+        .{{ ansible_domain }} = {{ ansible_domain | upper }}
+        {{ ansible_domain }} = {{ ansible_domain | upper }}
 
 [dbdefaults]
         ldap_kerberos_container_dn = cn=kerberos,{{ basedn }}