I have a rails app with authlogic and LDAP, but my problem is i can see all the users password on the log file, is there something to fix to encrypt those pa开发者_开发技巧sswords. For ldap i use :encryption simple_TLS
Thanks for your help
This is the way I do it with authlogic and net-ldap:
config/ldap.yml
production:
host: localhost
port: 636
base: ou=people,dc=mydomain
admin_user: cn=admin,dc=mydomain
admin_password: password
ssl: true
app/models/ldap_connect.rb
class LdapConnect
attr_reader :ldap
def initialize(params = {})
ldap_config = YAML.load_file("#{RAILS_ROOT}/config/ldap.yml")[RAILS_ENV]
ldap_options = params
ldap_options[:encryption] = :simple_tls if ldap_config["ssl"]
@ldap = Net::LDAP.new(ldap_options)
@ldap.host = ldap_config["host"]
@ldap.port = ldap_config["port"]
@ldap.base = ldap_config["base"]
@ldap.auth ldap_config["admin_user"], ldap_config["admin_password"] if params[:admin]
end
end
app/models/user_session.rb
class UserSession < Authlogic::Session::Base
verify_password_method :valid_ldap_credentials?
end
app/models/user.rb
class User < ActiveRecord::Base
acts_as_authentic do |c|
c.validate_password_field = false
c.logged_in_timeout = 30.minutes
end
def dn
"cn=#{self.email},ou=people,dc=mydomain"
end
def valid_ldap_credentials?(password_plaintext)
ldap = LdapConnect.new.ldap
ldap.auth self.dn, password_plaintext
ldap.bind # will return false if authentication is NOT successful
end
end
精彩评论