Disable LDAP support when not allowed by license.

awx/api/serializers.py

@@ -608,11 +608,12 @@ class UserSerializer(BaseSerializer):
         new_password = getattr(obj, '_new_password', None)
         # For now we're not raising an error, just not saving password for
         # users managed by LDAP who already have an unusable password set.
-        try:
-            if obj.pk and obj.profile.ldap_dn and not obj.has_usable_password():
-                new_password = None
-        except AttributeError:
-            pass
+        if getattr(settings, 'AUTH_LDAP_SERVER_URI', None) and feature_enabled('ldap'):
+            try:
+                if obj.pk and obj.profile.ldap_dn and not obj.has_usable_password():
+                    new_password = None
+            except AttributeError:
+                pass
         if new_password:
             obj.set_password(new_password)
         if not obj.password:
@@ -633,6 +634,8 @@ class UserSerializer(BaseSerializer):
         return res
 
     def _validate_ldap_managed_field(self, attrs, source):
+        if not getattr(settings, 'AUTH_LDAP_SERVER_URI', None) or not feature_enabled('ldap'):
+            return attrs
         try:
             is_ldap_user = bool(self.object.profile.ldap_dn)
         except AttributeError:

awx/api/views.py

@@ -190,7 +190,7 @@ class ApiV1ConfigView(APIView):
         # If LDAP is enabled, user_ldap_fields will return a list of field
         # names that are managed by LDAP and should be read-only for users with
         # a non-empty ldap_dn attribute.
-        if getattr(settings, 'AUTH_LDAP_SERVER_URI', None):
+        if getattr(settings, 'AUTH_LDAP_SERVER_URI', None) and feature_enabled('ldap'):
             user_ldap_fields = ['username', 'password']
             user_ldap_fields.extend(getattr(settings, 'AUTH_LDAP_USER_ATTR_MAP', {}).keys())
             user_ldap_fields.extend(getattr(settings, 'AUTH_LDAP_USER_FLAGS_BY_GROUP', {}).keys())