The following ACIs can be used to allow the application
"cn=OnBehalf,ou=applications,dc=example,dc=com" to use the proxied authorization v2
control to request that operations be performed using an alternate authorization identity.
The application user is also required to have the
proxied-auth privilege as discussed later in this chapter:
aci: (version 3.0;acl "Application OnBehalf can proxy as another entry"; allow (proxy) userdn="ldap:///cn=OnBehalf,ou=applications,dc=example,dc=com";)