Log auth_method override for anonymous

examples/config files - basic/connector-ldap.yml

@@ -24,7 +24,9 @@ base_dn: "DC=example,DC=com"
 
 # (optional) You can specify what Authentication method to bind LDAP
 # connection with. You can choose either Anonymous, Simple or NTLM.
-# If username is not specified above, authentication method will default to anonymous
+# If username is not specified above, the LDAP connector will override
+# the authentication method and set it to 'anonymous'.
+# If you choose anonymous, you don't have to specify username and password above.
 # If you choose simple, you must provide a username and password.
 # If you choose NTLM, you have to specify the username in this format [Domain]\[Username]
 # for example EXAMPLE\JDOE. You can specify NTLM Password Hash or ClearText for a password.

user_sync/connector/directory_ldap.py

@@ -84,7 +84,9 @@ def __init__(self, caller_options):
             password = caller_config.get_credential('password', options['username'])
         else:
             # override authentication method to anonymous if username is not specified
-            auth_method = 'anonymous'
+            if auth_method != 'anonymous':
+                auth_method = 'anonymous'
+                logger.info("Username not specified, overriding authentication method to 'anonymous'")
         # this check must come after we get the password value
         caller_config.report_unused_values(logger)
 
@@ -144,9 +146,6 @@ def get_options(caller_config):
         builder.require_string_value('base_dn')
         options = builder.get_options()
 
-        if options['username'] is None:
-            options['authentication_method'] = 'anonymous'
-
         options['two_steps_enabled'] = False
         if options['two_steps_lookup'] is not None:
             ts_config = caller_config.get_dict_config('two_steps_lookup', True)