The get authorization entry request control
While the authorization identity request control can be helpful, it only provides the distinguished name (DN) of the authenticated user and the specification does not even require that.
The PingDirectory server offers a more useful alternative in the form of the proprietary get authorization entry request control.
This control can also be included in a bind request, and if the bind is successful, then the server can return a corresponding response control with the DN and a requested set of attributes from the authenticated user’s entry. If the bind request also used an alternate authorization identity, then the response control can also include information about that user.