开发者

Authlogic LDAP : encrypt communication

开发者 https://www.devze.com 2022-12-27 11:24 出处:网络
I have a rails app with authlogic and LDAP, but my problem is i can see all the users password on the log file, is there something to fix to encrypt those pa开发者_开发技巧sswords.

I have a rails app with authlogic and LDAP, but my problem is i can see all the users password on the log file, is there something to fix to encrypt those pa开发者_开发技巧sswords. For ldap i use :encryption simple_TLS

Thanks for your help


This is the way I do it with authlogic and net-ldap:

config/ldap.yml

    production:
      host: localhost
      port: 636
      base: ou=people,dc=mydomain
      admin_user: cn=admin,dc=mydomain
      admin_password: password
      ssl: true

app/models/ldap_connect.rb

    class LdapConnect

      attr_reader :ldap

      def initialize(params = {})
        ldap_config = YAML.load_file("#{RAILS_ROOT}/config/ldap.yml")[RAILS_ENV]
        ldap_options = params
        ldap_options[:encryption] = :simple_tls if ldap_config["ssl"]

        @ldap = Net::LDAP.new(ldap_options)
        @ldap.host = ldap_config["host"]
        @ldap.port = ldap_config["port"]
        @ldap.base = ldap_config["base"]
        @ldap.auth ldap_config["admin_user"], ldap_config["admin_password"] if params[:admin] 
      end

    end

app/models/user_session.rb

    class UserSession < Authlogic::Session::Base

      verify_password_method :valid_ldap_credentials?

    end

app/models/user.rb

class User < ActiveRecord::Base

  acts_as_authentic do |c|
    c.validate_password_field = false
    c.logged_in_timeout = 30.minutes
  end

  def dn
    "cn=#{self.email},ou=people,dc=mydomain"
  end

  def valid_ldap_credentials?(password_plaintext)
    ldap = LdapConnect.new.ldap
    ldap.auth self.dn, password_plaintext
    ldap.bind # will return false if authentication is NOT successful
  end

end
0

精彩评论

暂无评论...
验证码 换一张
取 消