Overview#Search Using the Authorization Identity Request Control
The Authorization Identity Request Control allows the client to obtain the authorization identity for the client connection during the LDAP bind request. The authorization ID returned by the server is displayed to the client as soon as authentication has completed. The line containing the authorization ID is prefixed with a # character, making it a comment if the output is to be interpreted as an LDIF.
You can specify the Authorization Identity Request Control with ldapsearch in a number of ways:
- OID. Use the --control or -J option with the Authorization Identity Request Control OID: 2.16.840.1.1137220.127.116.11 with no value.
- Named constant. Use a named constant, authzid or authorizationidentity with the -control or -J option instead of using the Authorization Identity Request Control OID. For example, use -J authzid or -J authorizationidentity with the ldapsearch command.
Use the ldapsearch command with the --reportAuthzID option.
$ ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w password -b dc=example,dc=com --searchScope base --reportAuthzID "(objectclass=*)" # Bound with authorization ID dn:cn=Directory Manager,cn=Root DNs,cn=config dn: dc=example,dc=com objectClass: domain objectClass: top dc: example