How would you handle authenticating to the other servers? Net::LDAP deliberately does not cache authentication credentials, so it wouldn't be
Couldn't this be overcome by caching the credentials in a hash if following referrals was enabled? To prevent Net::LDAP from caching credentials needlessly, following referrals could be disabled by default.
completely trivial - you almost certainly wouldn't want to offer credentials valid for server A to server B for example. What if there are multiple
My experience with referrals is limited to iPlanet Messenger server and iPlanet Directory server. However, iPlanet appears to require the same credentials on both the LDAP server originally specified and the server referred to in the referral. From what I have seen, only the LDAP administrator for a server can create an LDAP referral, so in theory the LDAP servers listed in the referrals should always be trusted LDAP servers.
referrals which could be followed - which choice should be taken?
According to section 4.1.11 of RFC 2251, all URIs returned must be equally capable of performing the request. I would choose the first URI that matches the protocol that the original query/update was submitted with. If the first URI fails, I would proceed to attempt each URI that matches the original protocol used.
Thanks,
David Syzdek
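The two ideas in this exchange (credentials held in a hash, and referral URIs tried in order when they match the original protocol) can be combined so that a bind is only ever offered to the server it was stored for. The sketch below is an added example, not code from this thread or from Net::LDAP; the host names, credential values and the function names `parse_ldap_uri` and `referral_candidates` are hypothetical.

```perl
use strict;
use warnings;

# Hypothetical per-server credential table (constructed values), keyed by
# "host:port". A referral target absent from this table is never offered a bind.
my %credentials = (
    'ldap-a.example.com:389' => { dn => 'uid=app,dc=example,dc=com', password => 'constructed-secret-a' },
    'ldap-b.example.com:389' => { dn => 'uid=app,dc=example,dc=com', password => 'constructed-secret-b' },
);

# Split an ldap:// or ldaps:// URI into scheme, host and port.
# Returns undef for anything else (IPv6 literals are not handled here).
sub parse_ldap_uri {
    my ($uri) = @_;
    return unless $uri =~ m{^(ldaps?)://([^/:?\[\]]+)(?::(\d+))?(?:[/?]|$)}i;
    my $scheme = lc $1;
    return { scheme => $scheme, host => lc($2), port => $3 // ($scheme eq 'ldaps' ? 636 : 389) };
}

# Keep the referral URIs that use the same protocol as the original request,
# in the order the server returned them, each paired with the credentials
# stored for exactly that server (undef when none are stored).
sub referral_candidates {
    my ($original_scheme, @referrals) = @_;
    my @candidates;
    for my $uri (@referrals) {
        my $target = parse_ldap_uri($uri) or next;
        next unless $target->{scheme} eq lc $original_scheme;
        my $key = "$target->{host}:$target->{port}";
        push @candidates, { uri => $uri, key => $key, bind => $credentials{$key} };
    }
    return @candidates;
}

# Constructed referral list, as a server might return for an ldap:// request.
my @referrals = (
    'ldaps://ldap-b.example.com/dc=example,dc=com',
    'ldap://ldap-b.example.com/dc=example,dc=com',
    'ldap://ldap-c.example.net:389/dc=example,dc=com',
);

for my $c (referral_candidates('ldap', @referrals)) {
    my $action = $c->{bind} ? "bind as $c->{bind}{dn}" : 'no stored credentials: skip or go anonymous';
    print "$c->{uri} -> $action\n";
}
```

A caller would walk the returned list in order and move to the next candidate when a connection or bind fails.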
