diff --git a/SAS/TMSS/src/tmss/settings.py b/SAS/TMSS/src/tmss/settings.py
index 42fe120b0cb22f315ceb80c2f2842e97f1f33456..4c1fa6c4cbafb7b7b82ee7f6037e812a2465a760 100644
--- a/SAS/TMSS/src/tmss/settings.py
+++ b/SAS/TMSS/src/tmss/settings.py
@@ -15,6 +15,8 @@ import ldap
 import logging
 from lofar.common import dbcredentials, isDevelopmentEnvironment
 
+logger = logging.getLogger(__name__)
+
 LOGGING = {
     'version': 1,
     'disable_existing_loggers': False,
@@ -129,7 +131,6 @@ TEMPLATES = [
 
 WSGI_APPLICATION = 'lofar.sas.tmss.tmss.wsgi.application'
 
-
 # Database
 # https://docs.djangoproject.com/en/2.0/ref/settings/#databases
 
@@ -192,24 +193,25 @@ REST_FRAMEWORK = {
 }
 
 # LDAP
-ldap_creds_name = os.environ.get('TMSS_LDAPCREDENTIALS', 'tmss_ldap')
-django_ldap_credentials = dbcredentials.DBCredentials().get(ldap_creds_name)
-logger.info("TMSS Django settings: Using dbcreds '%s' for ldap authentication: %s",
-            ldap_creds_name, django_ldap_credentials.stringWithHiddenPassword())
-
-AUTH_LDAP_GLOBAL_OPTIONS = { ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER }       # cert still expired?
-AUTH_LDAP_CONNECTION_OPTIONS = { ldap.OPT_X_TLS_REQUIRE_CERT : ldap.OPT_X_TLS_NEVER }  # cert still expired?
-# AUTH_LDAP_BIND_DN = ''              # our LDAP is open
-# AUTH_LDAP_BIND_PASSWORD = ''        # our LDAP is open
-protocol = 'ldap://' if isDevelopmentEnvironment() else 'ldaps://'
-AUTH_LDAP_SERVER_URI = "%s%s:%s" % (protocol, django_ldap_credentials.host, django_ldap_credentials.port)
-AUTH_LDAP_USER_DN_TEMPLATE="cn=%(user)s,ou=Users,o=lofar,c=eu"
-
-AUTH_LDAP_USER_ATTR_MAP = {
-    "first_name": "givenName",
-    "last_name": "sn",
-    "email": "mail"
-}
+if 'TMSS_LDAPCREDENTIALS' in os.environ:
+    ldap_creds_name = os.environ.get('TMSS_LDAPCREDENTIALS', 'tmss_ldap')
+    django_ldap_credentials = dbcredentials.DBCredentials().get(ldap_creds_name)
+    logger.info("TMSS Django settings: Using dbcreds '%s' for ldap authentication: %s",
+                ldap_creds_name, django_ldap_credentials.stringWithHiddenPassword())
+
+    AUTH_LDAP_GLOBAL_OPTIONS = { ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER }       # cert still expired?
+    AUTH_LDAP_CONNECTION_OPTIONS = { ldap.OPT_X_TLS_REQUIRE_CERT : ldap.OPT_X_TLS_NEVER }  # cert still expired?
+    # AUTH_LDAP_BIND_DN = ''              # our LDAP is open
+    # AUTH_LDAP_BIND_PASSWORD = ''        # our LDAP is open
+    protocol = 'ldap://' if isDevelopmentEnvironment() else 'ldaps://'
+    AUTH_LDAP_SERVER_URI = "%s%s:%s" % (protocol, django_ldap_credentials.host, django_ldap_credentials.port)
+    AUTH_LDAP_USER_DN_TEMPLATE="cn=%(user)s,ou=Users,o=lofar,c=eu"
+
+    AUTH_LDAP_USER_ATTR_MAP = {
+        "first_name": "givenName",
+        "last_name": "sn",
+        "email": "mail"
+    }
 
 # OPEN-ID CONNECT