devise_ldap_authenticatable

Allow TLS CA File

Open cheynewallace opened this issue 9 years ago • 1 comments

First up, thanks for a great gem.

Second, I have a requirement to enable TLS LDAP authentication, although unless we can supply a trusted CA cert, it's not terribly secure as it will just accept any cert it's given.

I had a dig through the gem's code and I don't see any way to supply a trusted CA cert. It just defaults to simple TLS https://github.com/cschiewek/devise_ldap_authenticatable/blob/master/lib/devise_ldap_authenticatable/ldap/connection.rb#L13

Checking the Ruby docs for the ruby-ldap lib shows that it's probably not that difficult to implement (see: http://www.rubydoc.info/github/ruby-ldap/ruby-net-ldap/Net/LDAP:encryption)

Is there any chance this may be included in the future?

cheynewallace Feb 05 '15 19:02

I believe you can achieve this with:

ldap_options[:encryption] = { method: ldap_config["ssl"].to_sym, tls_options: { ca_file: '/path/to/cert' } }

RobertAndrewHall Oct 21 '16 10:10
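The following is an added example, not code from this thread or from the gem: it builds a Net::LDAP-style `:encryption` hash that pins a CA file and shows, with throwaway certificates, what that pin accepts and rejects. The helper names (`ldap_encryption`, `tls_context`, `chains_to_ca?`, `issue_cert`, `demo`) and the certificate names are hypothetical and constructed; it uses only Ruby's standard OpenSSL library and assumes that Net::LDAP hands `:tls_options` to `OpenSSL::SSL::SSLContext#set_params`.

```ruby
require "openssl"
require "tempfile"

# Hypothetical helper: value for Net::LDAP's :encryption option.
# `ssl` mirrors the gem's "ssl" setting (true, "simple_tls" or "start_tls").
def ldap_encryption(ssl, ca_file)
  raise ArgumentError, "CA file not readable: #{ca_file}" unless File.readable?(ca_file)
  { method: (ssl == true ? :simple_tls : ssl.to_sym),
    tls_options: { ca_file: ca_file, verify_mode: OpenSSL::SSL::VERIFY_PEER } }
end

# Apply tls_options to an SSLContext through set_params.
def tls_context(encryption)
  OpenSSL::SSL::SSLContext.new.tap { |ctx| ctx.set_params(encryption[:tls_options]) }
end

# True when `cert` chains to a CA in `ca_file` (the check a CA file enables).
def chains_to_ca?(ca_file, cert)
  store = OpenSSL::X509::Store.new
  store.add_file(ca_file)
  store.verify(cert)
end

# Constructed test material: self-signed CA when no issuer is given.
def issue_cert(cn, key, issuer = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = (issuer || cert).subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  if issuer.nil?
    ef = OpenSSL::X509::ExtensionFactory.new
    cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  end
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = issue_cert("Example LDAP CA", ca_key)
  ldap_cert = issue_cert("ldap.example.test", OpenSSL::PKey::RSA.new(2048), ca, ca_key)
  untrusted = issue_cert("ldap.example.test", OpenSSL::PKey::RSA.new(2048)) # not from our CA
  Tempfile.create(["ldap-ca", ".pem"]) do |f|
    f.write(ca.to_pem); f.flush
    enc = ldap_encryption(true, f.path)
    { method: enc[:method], verify_peer: tls_context(enc).verify_mode == OpenSSL::SSL::VERIFY_PEER,
      trusted: chains_to_ca?(f.path, ldap_cert), untrusted: chains_to_ca?(f.path, untrusted) }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```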