Delegated authentication can be performed by having the server chase referrals on bind operations. This could be a new external authentication mechanism. If the principalDn in a bind request is a referral entry, or does not exist but has a referral at some ancestor in the DN, then the server can delegate the authentication to the target server. If the target server referenced in the ref attribute authenticates the user, then ApacheDS accepts the user as authenticated.
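The resolution step described above, modelled as an added example (not ApacheDS code): it walks the bind DN up to the nearest existing entry, and if that entry is a referral it maps the DN onto the `ref` target and delegates the bind. `DIT`, `ALLOWED_TARGETS`, `remote_bind`, the host names and the DN mapping are constructed assumptions; the target allow-list and the empty-password check are added because delegation forwards the user's password to whichever server the `ref` attribute names.

```python
from urllib.parse import urlparse, unquote

# Constructed directory contents (DN -> attributes); not ApacheDS data structures.
DIT = {
    "dc=example,dc=com": {"objectClass": ["domain"]},
    "ou=people,dc=example,dc=com": {"objectClass": ["organizationalUnit"]},
    "ou=partners,dc=example,dc=com": {
        "objectClass": ["referral"],
        "ref": ["ldaps://ldap.partner.example:636/ou=users,dc=partner,dc=example"],
    },
}
# Assumption: the operator lists the servers that may receive forwarded credentials.
ALLOWED_TARGETS = {("ldaps", "ldap.partner.example", 636)}

def find_referral(principal_dn):
    """Return (referral_dn, ref_url) if the DN or its nearest existing ancestor is a referral."""
    rdns = [r.strip().lower() for r in principal_dn.split(",")]  # simplified: no escaped commas
    for i in range(len(rdns)):
        dn = ",".join(rdns[i:])
        entry = DIT.get(dn)
        if entry is None:
            continue  # entry missing here, keep walking towards the suffix
        if "referral" in entry["objectClass"]:
            return dn, entry["ref"][0]
        return None  # nearest existing entry is ordinary: authenticate locally
    return None

def plan_delegated_bind(principal_dn):
    """Map the bind DN onto the referral target; None means no delegation applies."""
    hit = find_referral(principal_dn)
    if hit is None:
        return None
    referral_dn, ref_url = hit
    url = urlparse(ref_url)
    port = url.port or (636 if url.scheme == "ldaps" else 389)
    target = (url.scheme, url.hostname, port)
    if target not in ALLOWED_TARGETS:
        raise PermissionError(f"referral target not allowed: {target}")
    # Assumption: the target keeps the same relative DN under the ref URL's base DN.
    normalized = ",".join(r.strip().lower() for r in principal_dn.split(","))
    relative = normalized[: len(normalized) - len(referral_dn)].rstrip(",")
    base = unquote(url.path.lstrip("/"))
    return target, ",".join(p for p in (relative, base) if p)

def authenticate(principal_dn, password, remote_bind):
    """remote_bind(target, dn, password) -> bool stands in for a real LDAP simple bind."""
    # An empty password is an unauthenticated bind on many servers; never forward it.
    plan = plan_delegated_bind(principal_dn) if password else None
    return bool(plan and remote_bind(*plan, password))
```

A `False` result for a DN that is not under a referral means only that delegation does not apply; the server's local authenticators would handle that bind.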