The standard proxied authorization V2 request control may be included in a request to indicate that the server should process that request under the authority of another user, rather than under the authority of the user currently authenticated on the connection. The control has an OID of 2.16.840.1.113730.3.4.18, and it takes a value. The following fields may be present in the value-json representation of the value:

• authorization-id: A mandatory string field whose value is an authorization ID that identifies the user as whom the request should be authorized. The authorization ID should either start with “dn:” and be followed by the DN of the user, or it should start with “u:” and be followed by a username (or some other type of identifier) for the user.

The following sample shows the JSON encoding for the control:

{ 
    "oid": "2.16.840.1.113730.3.4.18",
    "control-name": "Proxied Authorization V2 Request Control",
    "criticality": true,
    "value-json": { 
        "authorization-id": "dn:uid=jdoe,ou=People,dc=example,dc=com"
    }
}