Proxy Authorization

Request that an operation be processed by a different authorization identity than the one that is currently associated with the connection. See RFC 4370.

Using the Proxy Authorization Control

Connection conn = DefaultConnectionFactory.getConnection("ldap://directory.ldaptive.org");
try {
  conn.open();
  SearchOperation search = new SearchOperation(conn);
  SearchRequest request = new SearchRequest("dc=ldaptive,dc=org", new SearchFilter("(givenName=daniel)"));
  request.setControls(new ProxyAuthorizationControl("dn:uid=dfisher,ou=people,dc=ldaptive,dc=org"));
  SearchResult result = search.execute(request).getResult();
  for (LdapEntry entry : result.getEntries()) {
    // do something useful with the entries
  }
} finally {
  conn.close();
}

Provider Support

JNDI	JLDAP	Apache LDAP	UnboundID	OpenDJ
✓	✓	✗	✓	✓

✓	Functionality exists in the provider API and has been confirmed
✗	Functionality does not exist in the provider API
✶	Functionality exists in the provider API, but did not work in our test environment
?	Functionality exists in the provider API, but has not been integrated into the ldaptive provider