Overview#

Search Using the Authorization Identity Request Control

The Authorization Identity Request Control allows the client to obtain the authorization identity for the client connection during the LDAP bind request. The authorization ID returned by the server is displayed to the client as soon as authentication has completed. The line containing the authorization ID is prefixed with a # character, making it a comment if the output is to be interpreted as an LDIF.

You can specify the Authorization Identity Request Control with ldapsearch in a number of ways:

  • OID. Use the --control or -J option with the Authorization Identity Request Control OID: 2.16.840.1.113730.3.4.16 with no value.
  • Named constant. Use a named constant, authzid or authorizationidentity with the -control or -J option instead of using the Authorization Identity Request Control OID. For example, use -J authzid or -J authorizationidentity with the ldapsearch command.

Here is a LDAP Search Example Using the Authorization Identity Request Control on a particular LDAP Server:

Use the ldapsearch command with the --reportAuthzID option.

$ ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w password -b dc=example,dc=com --searchScope base --reportAuthzID "(objectclass=*)"

# Bound with authorization ID dn:cn=Directory Manager,cn=Root DNs,cn=config
dn: dc=example,dc=com
objectClass: domain
objectClass: top
dc: example 

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-4) was last changed on 06-Nov-2015 05:35 by jim