From 33104d2cc27011f2e36104c21f721df36cdfd21b Mon Sep 17 00:00:00 2001
From: Ionuț Arțăriși <iartarisi@suse.cz>
Date: Fri, 29 Jun 2012 13:57:42 +0200
Subject: don't assume that the LDAP server require authentication

Change-Id: I67f64e6eb19e7a96c0e50f99e57c7fee613df909
---
 keystone/common/ldap/core.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/keystone/common/ldap/core.py b/keystone/common/ldap/core.py
index 2734ce44..b450dac4 100644
--- a/keystone/common/ldap/core.py
+++ b/keystone/common/ldap/core.py
@@ -107,7 +107,11 @@ class BaseLdap(object):
         if password is None:
             password = self.LDAP_PASSWORD
 
-        conn.simple_bind_s(user, password)
+        # not all LDAP servers require authentication, so we don't bind
+        # if we don't have any user/pass
+        if user and password:
+            conn.simple_bind_s(user, password)
+
         return conn
 
     def _id_to_dn(self, id):
-- 
cgit