!!! Overview
An authorization ID is an identifier that is used by a client to indicate that one or more operations should be performed under the authority of an alternate identity.  This alternate authorization identity can last for a single operation (when used in conjunction with the [Proxied Authorization Control]), or for the entire duration of an authentication session (when used in conjunction with an appropriate SASL mechanism, like [DIGEST-MD5], [GSSAPI], or [PLAIN SASL Mechanism]).

In most cases, an authorization ID should be specified in one of the following forms:

* The string "dn:" followed by the [DN] of the target user (or just the string "dn:" if the authorization identity should be that of the anonymous user).
* The string "u:" followed by a username used to identify the user.  An [identity mapper|Definition -- Identity Mapper] will be used to map the provided username to the corresponding user [LDAP Entry].

In OpenDS, the ability for a client to use an alternate authorization identity is controlled by the "proxied-auth" [Privilege].  In some cases, additional [Access Control] rights may also be required.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]