LDAP and password protection

Hello,

I’m implementing LDAP user authentication as in Enterprise Recipes With
Ruby and Rails
(http://pragprog.com/titles/msenr/enterprise-recipes-with-ruby-and-rails)
and, according to the book, it is pretty simple, just as follows:

    require 'net/ldap'

    class User
      BASE = 'dc=enterpriserecipes,dc=com'
      # Service account used for the initial directory search.
      LDAP_USER = 'cn=root,dc=enterpriserecipes,dc=com'
      LDAP_PASSWORD = 't0p$ecret'

      def self.authenticate(email, password)
        email_filter = Net::LDAP::Filter.eq('mail', email)
        ldap_con = connect(LDAP_USER, LDAP_PASSWORD)
        dn = ''
        # Look up the DN of the entry whose mail attribute matches.
        ldap_con.search(:base => BASE, :filter => email_filter) do |entry|
          dn = entry.dn
        end
        # Bind as that DN with the supplied password to verify it.
        !dn.empty? and connect(dn, password).bind
      end

      def self.connect(dn, password)
        Net::LDAP.new(
          :host => 'localhost',
          :port => 389,
          :auth => {
            :method => :simple,
            :username => dn,
            :password => password
          }
        )
      end
      # A bare `private` does not apply to `def self.` methods.
      private_class_method :connect
    end

Therefore, this is not secure, since I can see the user password in
the authenticate method. Does anyone know a way to hide the password from
the developer, encrypting it or something?

Thanks for your time.
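
An added example, not from the book or the original post: the same search-then-bind flow with the service-account credentials read from the environment instead of the source file, the user's password only forwarded to the bind, and empty passwords rejected up front. The names `LdapAuthenticator`, `LDAP_BIND_DN` and `LDAP_BIND_PASSWORD` are assumptions, as is StartTLS being enabled on the server.

```ruby
# Added example, not the book's code. Assumed names: LdapAuthenticator,
# and the LDAP_BIND_DN / LDAP_BIND_PASSWORD environment variables.
class LdapAuthenticator
  BASE = 'dc=enterpriserecipes,dc=com'

  # connector: callable (dn, password) -> object responding to #search and #bind.
  # The default builds a real Net::LDAP connection; a fake can be injected.
  def initialize(env: ENV, connector: nil)
    # Service-account credentials come from the process environment, so they
    # never appear in the repository. fetch raises KeyError if they are unset.
    @bind_dn = env.fetch('LDAP_BIND_DN')
    @bind_password = env.fetch('LDAP_BIND_PASSWORD')
    @connector = connector || method(:net_ldap)
  end

  def authenticate(email, password)
    # A simple bind with an empty password is an unauthenticated bind that
    # many servers accept, so reject it before talking to the directory.
    return false if password.nil? || password.empty?

    dns = []
    @connector.call(@bind_dn, @bind_password)
              .search(base: BASE, filter: mail_filter(email)) { |e| dns << e.dn }
    return false unless dns.size == 1 # no match, or an ambiguous match

    # The user's password is only forwarded to the bind; it is not stored.
    @connector.call(dns.first, password).bind ? true : false
  end

  private

  def mail_filter(email)
    # Escape RFC 4515 special characters so "*" cannot act as a wildcard.
    escaped = email.to_s.gsub(/[\\*()\0]/) { |c| format('\\%02x', c.ord) }
    "(mail=#{escaped})"
  end

  def net_ldap(dn, password)
    require 'net/ldap'
    Net::LDAP.new(host: 'localhost', port: 389,
                  encryption: { method: :start_tls }, # assumes StartTLS is enabled
                  auth: { method: :simple, username: dn, password: password })
  end
end
```

The user's password has to reach `authenticate` in clear text because the directory verifies it during the bind; what can be kept out of the code base is the service-account secret.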
