Allow ldap setting without user/password authentication
diff --git a/keystone/files/_ldap.conf b/keystone/files/_ldap.conf
index 5cfabd0..cabf873 100644
--- a/keystone/files/_ldap.conf
+++ b/keystone/files/_ldap.conf
@@ -1,12 +1,14 @@
[ldap]
url = {{ ldap.url }}
+{%- if ldap.get('auth', True) == True %}
{%- if ldap.bind_user is defined %}
user = {{ ldap.bind_user }}
{%- else %}
user = uid={{ ldap.get("uid", "keystone") }},cn=users,cn=accounts,{{ ldap.suffix }}
{%- endif %}
password = {{ ldap.password }}
+{%- endif %}
suffix = {{ ldap.suffix }}
query_scope = {{ ldap.get("query_scope", "one") }}
page_size = {{ ldap.get("page_size", "0") }}