Don't use this for highly confidential data (as you should never
provide such data over the Internet)!
Note that every CGI-BIN or web application server is a security risk.
There's no warranty by the author of any kind!
Running as a simple CGI-BIN under the control of Apache is still
the most secure running mode, since extensions like mod_python or
modules like M2Crypto are not as thoroughly tested as Apache itself.
It's highly recommended to deploy SSL and client certificates for
securing the LDAP access through this gateway!
Good news: web2ldap does not invoke any external program
(e.g. via the os.system() or os.popen() functions).
Take care of the security configuration options in the source, especially
when running with public access. Note that these options are not intended
for fine-grained access control to the directory data itself. You have to
rely on the access control configured on your LDAP host, which is based on
the Bind DN: web2ldap binds to the LDAP host with the Bind DN given by the user.
The environment variables carrying SSL data are specific to mod_ssl
(preferred) or ApacheSSL (automatically used as the fallback option).
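To show what the mod_ssl-first, ApacheSSL-fallback lookup looks like in practice, here is an added Python example; it is not web2ldap's own code. The variable names HTTPS, SSL_CLIENT_S_DN, SSL_CLIENT_VERIFY, SSL_PROTOCOL (mod_ssl) and SSL_CLIENT_DN (ApacheSSL) are assumptions about what the two modules export, and the sample environments at the bottom are constructed.

```python
import os

# Assumed variable names (not taken from web2ldap):
#   mod_ssl   : HTTPS=on, SSL_PROTOCOL, SSL_CLIENT_S_DN, SSL_CLIENT_VERIFY
#   ApacheSSL : HTTPS=on, SSL_CLIENT_DN


def client_cert_dn(environ):
    """Return the verified client certificate subject DN, or None.

    mod_ssl names are tried first; ApacheSSL names are the fallback,
    mirroring the preference order described above.
    """
    if environ.get("HTTPS", "").lower() != "on":
        return None  # not a TLS request: never trust certificate variables
    if "SSL_CLIENT_S_DN" in environ:
        # mod_ssl: only accept the DN when the server verified the chain
        if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
            return None
        return environ["SSL_CLIENT_S_DN"] or None
    # ApacheSSL fallback: the DN variable is only set for a verified client cert
    return environ.get("SSL_CLIENT_DN") or None


def ssl_info(environ=None):
    """Report which SSL module populated the environment and the client DN."""
    if environ is None:
        environ = os.environ
    if "SSL_CLIENT_S_DN" in environ or "SSL_PROTOCOL" in environ:
        module = "mod_ssl"
    elif "SSL_CLIENT_DN" in environ:
        module = "ApacheSSL"
    else:
        module = None
    return {"module": module, "client_dn": client_cert_dn(environ)}


if __name__ == "__main__":
    # Constructed sample environments, not captured from a real server.
    samples = [
        {"HTTPS": "on", "SSL_PROTOCOL": "TLSv1.2",
         "SSL_CLIENT_S_DN": "CN=alice,O=Example", "SSL_CLIENT_VERIFY": "SUCCESS"},
        {"HTTPS": "on", "SSL_PROTOCOL": "TLSv1.2",
         "SSL_CLIENT_S_DN": "CN=alice,O=Example", "SSL_CLIENT_VERIFY": "NONE"},
        {"HTTPS": "on", "SSL_CLIENT_DN": "/CN=bob/O=Example"},
        {},
    ]
    for env in samples:
        print(ssl_info(env))
```

The unverified mod_ssl case is the one to notice: a DN variable being present is not enough, the verification result must be checked too before the DN is used for anything.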
All HTTP responses have their Expires header set to the current time to avoid
security problems with browsers and proxies caching secret data.
But be aware that some browsers/proxies ignore this and cache all
data anyway. One way to avoid caching by proxies is to use an
SSL-enabled web server, because the web client then tunnels through the
proxy with the CONNECT method and the proxy never sees the data.
No input data should be written to web server/proxy logs
=> the script method should be POST, so that parameters travel in the
request body rather than in the logged URL!
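The two notes above (expire the response immediately; accept form data only via POST) are easy to get subtly wrong, so here is an added Python example of a CGI request/response helper that applies both. It is not web2ldap's code: the parameter names in the sample requests, the MAX_BODY limit and the request environments are all constructed for illustration.

```python
import io
import time
from email.utils import formatdate

MAX_BODY = 64 * 1024  # constructed limit for POSTed form data


def no_cache_headers(now=None):
    """Response headers that mark the reply as expired the moment it is sent.

    Expires is the current time, as described above. Cache-Control and
    Pragma are added as well, because some browsers and proxies ignore
    Expires alone.
    """
    if now is None:
        now = time.time()
    stamp = formatdate(now, usegmt=True)  # RFC 1123 date in GMT
    return [
        ("Content-Type", "text/html; charset=utf-8"),
        ("Expires", stamp),
        ("Cache-Control", "no-store, no-cache, must-revalidate, private"),
        ("Pragma", "no-cache"),
    ]


def request_line(environ):
    """The '%r' field an Apache-style access log records for a request.

    Method, URI, query string and protocol are logged; a POST body is not.
    """
    uri = environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", "")
    query = environ.get("QUERY_STRING", "")
    if query:
        uri += "?" + query
    return "%s %s %s" % (environ.get("REQUEST_METHOD", "GET"), uri,
                         environ.get("SERVER_PROTOCOL", "HTTP/1.0"))


def read_form_data(environ, stdin):
    """Return the POSTed form body, or None if the request must be rejected."""
    if environ.get("REQUEST_METHOD", "GET").upper() != "POST":
        return None  # a GET would put the parameters into the access logs
    if environ.get("QUERY_STRING"):
        return None  # URL parameters are logged even on a POST
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
    except ValueError:
        return None
    if not 0 < length <= MAX_BODY:
        return None
    return stdin.read(length)


def cgi_response(environ, stdin, now=None):
    """Build the complete CGI output: status line, headers, blank line, body."""
    form = read_form_data(environ, stdin)
    if form is None:
        status, body = "405 Method Not Allowed", b"Use POST.\n"
    else:
        status, body = "200 OK", b"received %d bytes of form data\n" % len(form)
    head = ["Status: " + status]
    head += ["%s: %s" % (k, v) for k, v in no_cache_headers(now)]
    return ("\r\n".join(head) + "\r\n\r\n").encode("ascii") + body


if __name__ == "__main__":
    # Constructed request environments, not real traffic.
    get_env = {"REQUEST_METHOD": "GET", "SCRIPT_NAME": "/web2ldap",
               "QUERY_STRING": "who=cn=admin&cred=secret",
               "SERVER_PROTOCOL": "HTTP/1.1"}
    post_env = {"REQUEST_METHOD": "POST", "SCRIPT_NAME": "/web2ldap",
                "CONTENT_LENGTH": "24", "SERVER_PROTOCOL": "HTTP/1.1"}
    print(request_line(get_env))   # the credentials would land in the log
    print(request_line(post_env))  # the body is not part of the logged line
    print(cgi_response(post_env, io.BytesIO(b"who=cn=admin&cred=secret"),
                       now=0).decode())
```

Running it prints the two log request lines side by side, which makes the difference concrete: the GET variant carries the Bind DN and password in the logged URL, the POST variant does not. The response helper refuses a POST that also has a query string, since those parameters would be logged just the same.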