Make it more easily readable, like the previously existing version.
Set net_ldap_rawsocket centrally once in new() instead in the various connect_ldap*() methods.
According to the RFC, if we are using a SASL security layer, then we rebind and negotiate a new security layer, the new layer replaces the old. If, on the other hand, the rebind doesn't negotiate a security layer, then the old layer remains in place. Previously Net::LDAP was attempting to apply the new layer (if any) on top of the old layer, which is incorrect. Rebind was also failing if a security layer had previously been negotiated since the security-layer filehandle doesn't support socket operations. Since we now need to keep the raw (TCP or SSL) filehandle around anyway, we can do the socket operations on that instead.
Simplify the 'changetype: modify' case in _write_entry.
Only use it when necessary, as otherwise it slows down reading by an unacceptable factor of 4.
preparations for next release
First try with a hand-edited META.json. Let's see how it works out.
RFC 2696 explicitly states that only a cookie set to the empty string indicates that the search is done. I.e. a cookie value of '0' is allowed and must not terminate the search. Adapt the example code to reflect this fact. Thanks to David De Borre for reporting the bug and the 389 Directory Server team for the analysis.
Stop setting global SSL settings via IO::Socket::SSL::context_init() in Net::LDAP::start_tls(). According to Steffen Ullrich, the IO::Socket::SSL maintainer, setting the global SSL settings is not necessary. While looking at it, Steffen found that connect_ldaps() does not make sure the 'sslserver' argument is set to allow checking for the correct host name. Fix this as well. Thanks to Klara Mall for reporting the bug and to Steffen Ullrich for the patch ideas.
$ldap->modify( , changes => ... ) needs array refs for the attributes and their values to update, no hash refs. Thanks to Steve van der Burg for reporting the bug.
Save some bytes and cycles by using MIME::Base64::decode() instead of MIME::Base64::decode_base64().
Expect it to be present when 'require'ing it. It is a core module anyway for all Perl versions that perl-ldap supports.