From 3dfe08f4be3facc1ac1119662a75e4438e1be5ab Mon Sep 17 00:00:00 2001
From: Jorrit Schaap <schaap@astron.nl>
Date: Mon, 3 Feb 2020 13:20:30 +0100
Subject: [PATCH] TMSS-139: log ldap settings

---
 SAS/TMSS/src/tmss/settings.py | 40 ++++++++++++++++++-----------------
 1 file changed, 21 insertions(+), 19 deletions(-)

diff --git a/SAS/TMSS/src/tmss/settings.py b/SAS/TMSS/src/tmss/settings.py
index 42fe120b0cb..4c1fa6c4cba 100644
--- a/SAS/TMSS/src/tmss/settings.py
+++ b/SAS/TMSS/src/tmss/settings.py
@@ -15,6 +15,8 @@ import ldap
 import logging
 from lofar.common import dbcredentials, isDevelopmentEnvironment
 
+logger = logging.getLogger(__name__)
+
 LOGGING = {
     'version': 1,
     'disable_existing_loggers': False,
@@ -129,7 +131,6 @@ TEMPLATES = [
 
 WSGI_APPLICATION = 'lofar.sas.tmss.tmss.wsgi.application'
 
-
 # Database
 # https://docs.djangoproject.com/en/2.0/ref/settings/#databases
 
@@ -192,24 +193,25 @@ REST_FRAMEWORK = {
 }
 
 # LDAP
-ldap_creds_name = os.environ.get('TMSS_LDAPCREDENTIALS', 'tmss_ldap')
-django_ldap_credentials = dbcredentials.DBCredentials().get(ldap_creds_name)
-logger.info("TMSS Django settings: Using dbcreds '%s' for ldap authentication: %s",
-            ldap_creds_name, django_ldap_credentials.stringWithHiddenPassword())
-
-AUTH_LDAP_GLOBAL_OPTIONS = { ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER }       # cert still expired?
-AUTH_LDAP_CONNECTION_OPTIONS = { ldap.OPT_X_TLS_REQUIRE_CERT : ldap.OPT_X_TLS_NEVER }  # cert still expired?
-# AUTH_LDAP_BIND_DN = ''              # our LDAP is open
-# AUTH_LDAP_BIND_PASSWORD = ''        # our LDAP is open
-protocol = 'ldap://' if isDevelopmentEnvironment() else 'ldaps://'
-AUTH_LDAP_SERVER_URI = "%s%s:%s" % (protocol, django_ldap_credentials.host, django_ldap_credentials.port)
-AUTH_LDAP_USER_DN_TEMPLATE="cn=%(user)s,ou=Users,o=lofar,c=eu"
-
-AUTH_LDAP_USER_ATTR_MAP = {
-    "first_name": "givenName",
-    "last_name": "sn",
-    "email": "mail"
-}
+if 'TMSS_LDAPCREDENTIALS' in os.environ:
+    ldap_creds_name = os.environ.get('TMSS_LDAPCREDENTIALS', 'tmss_ldap')
+    django_ldap_credentials = dbcredentials.DBCredentials().get(ldap_creds_name)
+    logger.info("TMSS Django settings: Using dbcreds '%s' for ldap authentication: %s",
+                ldap_creds_name, django_ldap_credentials.stringWithHiddenPassword())
+
+    AUTH_LDAP_GLOBAL_OPTIONS = { ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER }       # cert still expired?
+    AUTH_LDAP_CONNECTION_OPTIONS = { ldap.OPT_X_TLS_REQUIRE_CERT : ldap.OPT_X_TLS_NEVER }  # cert still expired?
+    # AUTH_LDAP_BIND_DN = ''              # our LDAP is open
+    # AUTH_LDAP_BIND_PASSWORD = ''        # our LDAP is open
+    protocol = 'ldap://' if isDevelopmentEnvironment() else 'ldaps://'
+    AUTH_LDAP_SERVER_URI = "%s%s:%s" % (protocol, django_ldap_credentials.host, django_ldap_credentials.port)
+    AUTH_LDAP_USER_DN_TEMPLATE="cn=%(user)s,ou=Users,o=lofar,c=eu"
+
+    AUTH_LDAP_USER_ATTR_MAP = {
+        "first_name": "givenName",
+        "last_name": "sn",
+        "email": "mail"
+    }
 
 # OPEN-ID CONNECT
 
-- 
GitLab