diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb
index 75b463fb..635aa97d 100644
--- a/lib/net/ldap.rb
+++ b/lib/net/ldap.rb
@@ -1195,6 +1195,13 @@ def paged_searches_supported?
     @server_caps[:supportedcontrol].include?(Net::LDAP::LDAPControls::PAGED_RESULTS)
   end
 
+  # Mask auth password
+  def inspect
+    inspected = super
+    inspected.gsub! @auth[:password], "*******" if @auth[:password]
+    inspected
+  end
+
   private
 
   # Yields an open connection if there is one, otherwise establishes a new
diff --git a/test/test_ldap.rb b/test/test_ldap.rb
index 9704b346..f30416b2 100644
--- a/test/test_ldap.rb
+++ b/test/test_ldap.rb
@@ -57,4 +57,11 @@ def test_instrument_search_with_size
     assert_equal "(uid=user1)", payload[:filter]
     assert_equal result.size, payload[:size]
   end
+
+  def test_obscure_auth
+    password = "opensesame"
+    assert_include(@subject.inspect, "anonymous")
+    @subject.auth "joe_user", password
+    assert_not_include(@subject.inspect, password)
+  end
 end