Hello,
I'm implementing LDAP user authentication as in Enterprise Recipes With
Ruby and Rails
(http://pragprog.com/titles/msenr/enterprise-recipes-with-ruby-and-rails)
and, according to the book, it is pretty simple, just as follows:
require 'net/ldap'

class User
  BASE = 'dc=enterpriserecipes,dc=com'
  LDAP_USER = 'cn=root,dc=enterpriserecipes,dc=com'
  LDAP_PASSWORD = 't0p$ecret'

  def self.authenticate(email, password)
    # An empty password would turn the second bind into an unauthenticated
    # (anonymous) bind, which many directories accept; refuse it up front.
    return false if email.to_s.empty? || password.to_s.empty?

    # Escape the user-supplied value so characters such as '*' or '('
    # cannot change the meaning of the search filter.
    email_filter = Net::LDAP::Filter.eq('mail', Net::LDAP::Filter.escape(email))
    ldap_con = connect(LDAP_USER, LDAP_PASSWORD)
    dn = ''
    ldap_con.search(:base => BASE, :filter => email_filter) do |entry|
      dn = entry.dn
    end
    # Re-bind as the located user; bind returns true only if the password matches.
    !dn.empty? && connect(dn, password).bind
  end

  def self.connect(dn, password)
    Net::LDAP.new(
      :host => 'localhost',
      :port => 389,
      :auth => {
        :method => :simple,
        :username => dn,
        :password => password
      }
    )
  end
  # A bare `private` does not apply to `def self.` methods; this does.
  private_class_method :connect
end
Therefore, this is not secure, since I can see the user password in the
authenticate method. Does anyone know a way to hide the password from
the developer, encrypting it or something?
Thanks for your time.
--
Posted via http://www.ruby-forum.com/.
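Added example (not from the post or the book): the parts of this recipe a reviewer would harden before deployment, written in plain Ruby so it runs without the net-ldap gem. The user's password cannot be hidden from the code that performs the simple bind, so the defensive work is elsewhere: protect the transport, escape the filter value, and refuse empty passwords. The host name is a placeholder and the returned hash uses the `encryption:`/`auth:` option keys of current net-ldap; the filter string is meant for `Net::LDAP::Filter.construct`.

```ruby
module LdapAuthHelpers
  # RFC 4515 escaping for values interpolated into a search filter. Without it
  # an "email" of "*" becomes a wildcard and matches every entry with a mail
  # attribute, so the login would bind as whichever DN the search returned last.
  FILTER_ESCAPES = {
    "\\" => "\\5c", "*" => "\\2a", "(" => "\\28", ")" => "\\29", "\0" => "\\00"
  }.freeze

  def self.escape_filter_value(value)
    value.to_s.gsub(/[\\*()\0]/) { |c| FILTER_ESCAPES[c] }
  end

  # Filter string equivalent to the recipe's Filter.eq('mail', email), but safe
  # against user-controlled metacharacters.
  def self.mail_filter(email)
    "(mail=#{escape_filter_value(email)})"
  end

  # A simple bind with a non-empty DN and an empty password is an
  # "unauthenticated" bind (RFC 4513 section 5.1.2). Many directories accept it,
  # so connect(dn, '').bind would report success for any user the search found.
  # Reject that case before a connection is even built.
  def self.bind_options(dn, password, host: "ldap.example.com") # host is a placeholder
    raise ArgumentError, "empty DN or password" if dn.to_s.empty? || password.to_s.empty?
    {
      host: host,
      port: 389,
      # STARTTLS keeps the cleartext password off the wire; for LDAPS on 636 use
      # { method: :simple_tls } instead.
      encryption: { method: :start_tls },
      auth: { method: :simple, username: dn, password: password }
    }
  end
end
```

Pass `bind_options(dn, password)` to `Net::LDAP.new` and `Net::LDAP::Filter.construct(mail_filter(email))` to `search`, and keep the password out of any log line the bind failure path writes.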