After the Directory Server evaluates the list of users that the authenticated user can proxy as, the server checks to see if the requested authorized user is in the list.
If the requested authorized user is present in the list, then the server continues processing the proxable attributes in the entry. If the requested authorized user is not present in the list, the bind fails.
The operational attributes on the proxying entry are as follows:
- Specifies whether the entry is proxyable or not. Possible values are:
- Operations can be proxied as this user.
- Operations can't be proxied as this user.
- The account cannot authenticate directly but can only be accessed by some form of proxied authorization.
- Specifies any users allowed to use this entry as a target of proxied authorization.
- Specifies any groups allowed to use this entry as a target of proxied authorization. Nested static and dynamic groups are also supported.
- Specifies the LDAP URLs that are used to determine any users that are allowed to use this entry as a target of proxied authorization.