The authorization identity request control is described in RFC 3829 and can be included in a bind request to indicate that the server should include the resulting authorization identity in the successful bind response.
In the PingDirectory server, this authorization
identity is always in the form of a distinguished name (DN), prefixed by
dn: (for example,
This control is useful to determine the DN of the authenticated user entry,
especially when the bind request does not identify the user by a DN, such as if the
client was identified by a username, a