Lightweight Directory Access Protocol (LDAP) Authorization Identity Request and Response Controls
Network Working Group                                         R. Weltman
Request for Comments: 3829                                America Online
Category: Informational                                         M. Smith
                                                     Pearl Crescent, LLC
                                                                 M. Wahl
                                                               July 2004
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004).
Abstract
This document extends the Lightweight Directory Access Protocol
(LDAP) bind operation with a mechanism for requesting and returning
the authorization identity it establishes. Specifically, this
document defines the Authorization Identity Request and Response
controls for use with the Bind operation.
1. Introduction
This document defines support for the Authorization Identity Request
Control and the Authorization Identity Response Control for
requesting and returning the authorization identity established in a
bind operation. The Authorization Identity Request Control may be
submitted by a client in a bind request if authenticating with
version 3 of the Lightweight Directory Access Protocol (LDAP)
[LDAPv3]. The LDAP server may then include an Authorization
Identity Response Control in its bind response. The response
control contains the identity assumed by the client. This is useful
when there is a mapping step or other indirection during the bind, so
that the client can be told what LDAP identity was granted. Client
authentication with certificates is the primary situation where this
applies. Also, some Simple Authentication and Security Layer [SASL]
authentication mechanisms may not involve the client explicitly
providing a DN, or may result in an authorization identity which is
different from the authentication identity provided by the client
[AUTH].
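
The exchange described above, as an added example that is not part of the RFC text: a client-side check that reads the granted authzId out of a bind response so it can be compared with the identity the client expected after certificate or SASL mapping. The OIDs are the ones RFC 3829 assigns to the two controls; the helper names, the minimal BER handling and the sample message are constructed for illustration.

```python
REQUEST_OID = b"2.16.840.1.113730.3.4.16"   # sent by the client with the bind
RESPONSE_OID = b"2.16.840.1.113730.3.4.15"  # returned in the bind response

def tlv(tag, value):
    """Encode one BER element with a definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def read_tlvs(buf):
    """Yield (tag, value) for each BER element laid end to end in buf."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated BER header")
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated BER element")
        yield tag, buf[i:i + n]
        i += n

def request_control():
    """Control to attach to the bind request (no controlValue)."""
    return tlv(0x30, tlv(0x04, REQUEST_OID))

def granted_authz_id(ldap_message):
    """authzId from a bind response: "" means anonymous, None means no control."""
    ((_, body),) = read_tlvs(ldap_message)        # outer LDAPMessage SEQUENCE
    for tag, controls in read_tlvs(body):
        if tag != 0xA0:                           # [0] controls
            continue
        for _, control in read_tlvs(controls):
            fields = list(read_tlvs(control))
            if fields and fields[0][1] == RESPONSE_OID:
                value = fields[-1] if len(fields) > 1 else (0x04, b"")
                return value[1].decode("utf-8") if value[0] == 0x04 else ""
    return None

def sample_bind_response(authz_id=None):
    """Constructed bind response (success), optionally carrying the control."""
    result = tlv(0x61, tlv(0x0A, b"\x00") + tlv(0x04, b"") + tlv(0x04, b""))
    msg = tlv(0x02, b"\x01") + result
    if authz_id is not None:
        ctl = tlv(0x30, tlv(0x04, RESPONSE_OID) + tlv(0x04, authz_id.encode()))
        msg += tlv(0xA0, ctl)
    return tlv(0x30, msg)
```

A `None` result means the server did not return the control, so the client learns nothing about the mapped identity and should not assume the bind DN or certificate subject was granted as-is.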