Add unmarshalling option to disable local file loading #16

Open
@jazeved0

As it stands, the library unconditionally loads the contents from the file system when using the URL directive (:<), both in standard attributes and in control values. However, this makes the parser unusable for loading untrusted input without first sanitizing it. As the LDIF RFC spec notes, care should be taken when parsing untrusted input, as the file URL functionality allows malicious actors to read files from the local system (such as /etc/hostname or /etc/passwd).

While it's possible to disable the parsing of Controls entirely with the Controls boolean flag in the LDIF struct (which has the effect of disabling loading files inside control values), it's not possible to disable this behavior for attribute values. It would be preferable to have some additional option when calling ldif.Unmarshal that allows for turning off the parser's behavior of following and loading file URLs when using the :< directive.
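A pre-parse check that an application handling untrusted LDIF could run while the parser has no such option, as an added example that is not part of the issue or the library's code: it unfolds continuation lines first, so a `:<` split across a line fold is still caught, and it covers both attribute values and control values. The names `Finding`, `usesURL` and `FindURLDirectives` and the sample input are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding is one unfolded LDIF line whose value is introduced by ":<".
type Finding struct {
	Line int    // physical line where the logical line starts
	Text string // logical line after unfolding
}

// usesURL reports whether the first ':' in s is directly followed by '<'.
func usesURL(s string) bool {
	c := strings.IndexByte(s, ':')
	return c >= 0 && strings.HasPrefix(s[c+1:], "<")
}

// FindURLDirectives returns every attribute or control line using ":<".
func FindURLDirectives(input string) (found []Finding) {
	var logical []Finding
	for i, raw := range strings.Split(input, "\n") {
		raw = strings.TrimSuffix(raw, "\r")
		if strings.HasPrefix(raw, " ") && len(logical) > 0 {
			logical[len(logical)-1].Text += raw[1:] // RFC 2849 unfolding
		} else {
			logical = append(logical, Finding{i + 1, raw})
		}
	}
	for _, l := range logical {
		// In a control line the value-spec follows the OID and criticality.
		ctl := strings.HasPrefix(strings.ToLower(l.Text), "control:")
		if !strings.HasPrefix(l.Text, "#") && (usesURL(l.Text) || (ctl && usesURL(l.Text[8:]))) {
			found = append(found, l)
		}
	}
	return found
}

// Constructed sample input (not taken from the issue).
var sample = strings.Join([]string{
	"dn: cn=test,dc=example,dc=com",
	"control: 1.2.840.113556.1.4.805 true:< file:///etc/hostname",
	"changetype: add", "# comment:< file:///ignored", "cn: test",
	"description: text that mentions :< harmlessly", "jpegPhoto:< file:///etc/hostname",
	"userCertificate;binary:", " < file:///etc/passwd",
}, "\n")

func main() { fmt.Println(FindURLDirectives(sample)) }
```

A caller would reject the input when the result is non-empty and only then hand it to `ldif.Unmarshal`.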
