This is not the right forum, this is more a support type of question. Anyway: To forward all requests to the AP, as the plugin configures it, should be safe as long as for all App Instances random passwords are used, as the Install configures it. With more path open, you do not expose more code to threats from the internet, just more places where with a brute force attack you could try to find working passwords. With random passwords, this is pretty hopeless.

The LDAP mapping is for our Contacts App, which provides an LDAP interface