I've been trying to build a CGI LDAP tool for password changes using
Net/LDAP (0.0.4), but I'm bumping against what looks like a taint
issue.  I've never dealt with taint before.

In irb, my library works perfectly.  It finds the dn, attempts a bind
with dn/old_word, and then modifies dn with new_word.  Here are the
method calls required to make it work:

   load 'ldapengine.rb'
   engine = LDAPEngine.new("properties_file")
   success, msg = engine.change_password("uid", "old_word", "new_word")
   # forward to success.html if success

In eRuby, the same series of calls with the same parameters put
"Insecure operation - initialize" into ldap.rb's $! variable at the
moment of initialization:

   def initialize server
     begin
       @conn = TCPsocket.new( server[:host], server[:port] )
     rescue
       #raise LdapError.new( "no connection to server" )
       raise LdapError.new( "no connection to server: #{$!}" )

Can someone help me understand what I need to untaint, and how, to make
this work?  I've already tried the obvious -- calling .untaint on the
engine object and on all the string parameters in my rhtml file -- to
no effect.

And if by doing so I create undue risk, I'd be glad to know it.  (I do
limit the "uid" to alphanumeric characters, since it is used as a
search key.)

Thanks.
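
One way to approach the untaint question above, as an added example that is not part of the original post and not Net::LDAP's own code. It assumes the error comes from host/port strings read from the properties file: file input is tainted, and the socket call rejects tainted arguments when $SAFE is 1 or higher, so untainting the engine object does not help. The key=value file format, the patterns and the function names are hypothetical.

```ruby
# Added example: allowlist-validate, then untaint only the checked copy.
# The key=value properties format and every name here are assumptions.
HOST_RE = /\A[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?\z/
UID_RE  = /\A[A-Za-z0-9]{1,32}\z/

# Return a validated copy of value, or raise ArgumentError.
# Where taint tracking still exists (Ruby before 3.2) the copy is untainted.
def checked(value, pattern, label)
  raise ArgumentError, "invalid #{label}" unless value.to_s =~ pattern
  copy = value.to_s.dup
  copy.untaint if copy.respond_to?(:untaint)
  copy
end

# Ports become Integers, which never carry taint.
def checked_port(value)
  raise ArgumentError, "invalid port" unless value.to_s =~ /\A[0-9]{1,5}\z/
  port = value.to_s.to_i
  raise ArgumentError, "port out of range" unless (1..65535).include?(port)
  port
end

# Parse "key = value" lines into the hash passed to the connection.
def load_server(text)
  props = {}
  text.each_line do |line|
    next if line =~ /\A\s*(#|\z)/            # skip comments and blank lines
    key, value = line.split("=", 2)
    raise ArgumentError, "malformed line" if value.nil?
    props[key.strip] = value.strip
  end
  { :host => checked(props["host"], HOST_RE, "host"),
    :port => checked_port(props["port"]) }
end

# Constructed sample input, not taken from the original post.
SAMPLE_PROPERTIES = "# directory server\nhost = ldap.example.com\nport = 389\n"

if __FILE__ == $0
  p load_server(SAMPLE_PROPERTIES)
  p checked("jsmith42", UID_RE, "uid")
end
```

Untainting only after a strict pattern match keeps the taint check meaningful: a value that fails validation never reaches the socket or the search filter.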