Authorization Identity Control

The authorization identity controls are a pair of request and response controls defined in RFC 3829 that can be used in conjunction with an LDAP bind operation to allow the client to learn the authorization identity for the client connection.

The authorization identity request control has an OID of "2.16.840.1.113730.3.4.16" and does not have a value. The authorization identity response control has an OID of "2.16.840.1.113730.3.4.15" and the value of that control should be a string representing the authorization identity for that connection (or an empty string if the authorization identity is that of the anonymous user).

The response control should only be included in the response if the authentication was successful.

Note that the authorization identity controls are only allowed for use in conjunction with the Bind Request, and therefore cannot be used after the client has authenticated. The "Who Am I" extended operation can be used to obtain the authorization identity at any time after the bind has completed.
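The following is an added example, not code from the original page or from any LDAP library. It BER-encodes a simple bind request carrying the valueless request control, then parses a bind response and returns the authorization identity only when the result code is success. The function names, the sample DN and the `sample_response` helper that builds a constructed response are assumptions made for illustration.

```python
REQ_OID = "2.16.840.1.113730.3.4.16"   # authorization identity request control
RESP_OID = "2.16.840.1.113730.3.4.15"  # authorization identity response control

def tlv(tag, value=b""):  # encode one BER element with a definite length
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + value

def read_tlvs(buf):
    """Split a buffer of sibling BER elements into (tag, value) pairs."""
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long-form length
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated BER element")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def bind_request_with_authzid(msg_id, dn, password):
    """LDAPMessage (msg_id 1..127): simple v3 BindRequest plus the request control."""
    bind = tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, dn.encode())
               + tlv(0x80, password.encode()))
    control = tlv(0x30, tlv(0x04, REQ_OID.encode()))  # no criticality, no value
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + bind + tlv(0xA0, control))

def authzid_from_bind_response(message):
    """Authorization identity from a BindResponse; None if absent or bind failed."""
    fields = read_tlvs(read_tlvs(message)[0][1])
    op_tag, op = fields[1]
    if op_tag != 0x61 or read_tlvs(op)[0][1] != b"\x00":
        return None  # not a BindResponse, or resultCode is not success (0)
    controls = b"".join(v for t, v in fields[2:] if t == 0xA0)
    for _, ctl in read_tlvs(controls):
        parts = read_tlvs(ctl)
        if parts and parts[0][1] == RESP_OID.encode():
            values = [v for t, v in parts[1:] if t == 0x04]
            return values[0].decode() if values else ""
    return None

def sample_response(result_code, authzid):
    """Constructed BindResponse (message ID 1) carrying the response control."""
    ctl = tlv(0x30, tlv(0x04, RESP_OID.encode()) + tlv(0x04, authzid.encode()))
    op = tlv(0x61, tlv(0x0A, bytes([result_code])) + tlv(0x04) + tlv(0x04))
    return tlv(0x30, tlv(0x02, b"\x01") + op + tlv(0xA0, ctl))
```

An empty string returned by `authzid_from_bind_response` means the connection is authorized as the anonymous user, while `None` means no usable response control was present.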

For an example of using this control in a search request, see Search Using the Authorization Identity Request Control.

