Thanks for your help yesterday; now I'm hoping you can help me untangle another "mess" I'm in.

Big picture: I've written a subclass of Net::LDAP that transparently handles referrals (Amazon::Net::LDAP). The referral-handling code is in another module (Amazon::Net::LDAP::Referral, one "public" function) for ease of re-use.

The problem: When I chase the referrals, I need to create a new Net::LDAP object that is identical to the one passed into Amazon::Net::LDAP::Referral::referral_exec(), including all the TLS options (capath, ciphers, sslversion...everything that was passed to start_tls() in the original object). Otherwise, my original connection might use TLS, but subsequent connections will not (which would be bad).

I see how to get the cipher actually in use ($ldap->socket()->get_cipher()), but this won't tell me the list of ciphers that the caller said are acceptable (in my case 'DES-CBC3-SHA:RC4-MD5'). Since I'm being referred to another server, I feel very uneasy about saying "Okay, just use this cipher here...you support that, right?". I also don't see an obvious way to pass along information about the capath and the other params. :-(

What I pretty much need is something like "$ldap->clone()" that would allow me to override the host and port, leaving all other parameters the same, OR an accessor like "$ldap->tls_options()" that would return the key-value pairs that I used in "$ldap->start_tls()".

Any suggestions? I'm stumped. :-(

I'm using Net::LDAP 0.2701. Upgrading to the most recent version is going to be a nightmare of red tape that I'm not going to be able to even get started until after Christmas (gotta love big companies :-).

Thanks, in advance, for any assistance (or sympathy) you can offer.

__END__

Dan Kreft
Softwear Enguneer <><
Infrastructure Tools & Automation
Amazon.com

If a man is talking in the forest, and no woman is there to hear him, is he still wrong?
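One way to get the clone()/tls_options() behaviour asked for above without changing Net::LDAP itself, as an added example that is not part of the original message and not Net::LDAP's own API: a subclass that records the arguments given to new() and start_tls() and replays them against the referral host. The package name and the clone() and tls_options() methods are hypothetical; the only Net::LDAP calls assumed are new(), start_tls(), disconnect() and the returned message's code() and error().

```perl
package My::LDAP::Replay;          # hypothetical name, not the poster's module
use strict;
use warnings;
use base 'Net::LDAP';
use Scalar::Util qw(refaddr);

# Arguments are kept outside the object, keyed by its address, so nothing
# depends on (or collides with) Net::LDAP's internal hash keys.
my (%new_args, %tls_args);

sub new {
    my ($class, $host, %args) = @_;
    my $self = $class->SUPER::new($host, %args) or return;
    $new_args{ refaddr $self } = {%args};
    return $self;
}

sub start_tls {
    my ($self, %args) = @_;
    my $mesg = $self->SUPER::start_tls(%args);
    $tls_args{ refaddr $self } = {%args} unless $mesg->code;  # record only on success
    return $mesg;
}

# Accessor: the key/value pairs given to a successful start_tls(), or ().
sub tls_options { %{ $tls_args{ refaddr $_[0] } || {} } }

# New connection to a referral host with the same settings. Fails closed:
# if the original negotiated TLS and the copy cannot, no object is returned.
sub clone {
    my ($self, %override) = @_;
    my $host = delete $override{host} or die "clone: host is required\n";
    my %args = (%{ $new_args{ refaddr $self } || {} }, %override);
    my $copy = ref($self)->new($host, %args)
        or die "clone: connect to $host failed: $@\n";
    if (my $tls = $tls_args{ refaddr $self }) {   # true even if start_tls() had no args
        my $mesg = $copy->start_tls(%$tls);
        if ($mesg->code) {
            $copy->disconnect;
            die "clone: start_tls to $host failed: " . $mesg->error . "\n";
        }
    }
    return $copy;
}

sub DESTROY {                      # drop saved arguments, then chain to the parent
    my $self = shift;
    delete $new_args{ refaddr $self };
    delete $tls_args{ refaddr $self };
    if (my $super = Net::LDAP->can('DESTROY')) { $self->$super() }
}

1;
```

A referral handler would then call `$ldap->clone(host => $referral_host, port => $referral_port)` and treat the exception as a reason to stop chasing that referral, so a failed TLS negotiation never falls back to a cleartext connection.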
