Page created: 22 Oct 2020 |
Page updated: 7 Jul 2021
The authorization identity request control is described in RFC 3829 and can be included in a bind request to indicate that the server should include the resulting authorization identity in the successful bind response.
In PingDirectory Server, this authorization identity is always in the form of a
distinguished name (DN), prefixed by
dn: (for example,
This control is useful to determine the DN of the authenticated user entry, especially when the bind request does not identify the user by a DN, such as if the client was identified by a username, a Kerberos principal, a client certificate, or an OAuth access token.