Make email addresses optional in external auth if email feature is turned off

Before this change, external auth such as Keystone would fail if a user without an email address tried to login, even if the email feature was disabled.

data/users/externalldap.py

@@ -53,15 +53,14 @@ class LDAPUsers(FederatedUsers):
   _LDAPResult = namedtuple('LDAPResult', ['dn', 'attrs'])
 
   def __init__(self, ldap_uri, base_dn, admin_dn, admin_passwd, user_rdn, uid_attr, email_attr,
-               allow_tls_fallback=False, secondary_user_rdns=None):
-
-    super(LDAPUsers, self).__init__('ldap')
-
+               allow_tls_fallback=False, secondary_user_rdns=None, requires_email=True):
+    super(LDAPUsers, self).__init__('ldap', requires_email)
     self._ldap = LDAPConnectionBuilder(ldap_uri, admin_dn, admin_passwd, allow_tls_fallback)
     self._ldap_uri = ldap_uri
     self._uid_attr = uid_attr
     self._email_attr = email_attr
     self._allow_tls_fallback = allow_tls_fallback
+    self._requires_email = requires_email
 
     # Note: user_rdn is a list of RDN pieces (for historical reasons), and secondary_user_rds
     # is a list of RDN strings.
@@ -167,11 +166,11 @@ class LDAPUsers(FederatedUsers):
     if not response.get(self._uid_attr):
       return (None, 'Missing uid field "%s" in user record' % self._uid_attr)
 
-    if not response.get(self._email_attr):
+    if self._requires_email and not response.get(self._email_attr):
       return (None, 'Missing mail field "%s" in user record' % self._email_attr)
 
     username = response[self._uid_attr][0].decode('utf-8')
-    email = response[self._email_attr][0]
+    email = response.get(self._email_attr, [None])[0]
     return (UserInformation(username=username, email=email, id=username), None)
 
   def get_user(self, username_or_email):