LDAPv3 Wire Protocol Reference: The LDAP Unbind Operation

The LDAP unbind operation is poorly named. It sounds as if it should undo the effects of a bind operation. For example, one might expect that an unbind operation reverts a connection to an unauthenticated state. It doesn’t (although you can cause a connection to become unauthenticated using an anonymous simple bind request).

Instead, the unbind operation is used to indicate that the client wants to close the connection to the directory server. There shouldn’t be any attempt to use a connection after an unbind request has been sent. Immediately after sending an unbind request on a connection, the client should close that connection. Likewise, immediately after receiving an unbind request from a client, the server should close that client connection.

Even though it’s a good practice for clients to send an unbind request before closing a connection, directory servers must be able to handle clients that disconnect without an unbind request.

RFC 4511 section 4.3 defines an unbind request protocol operation as follows:

UnbindRequest ::= [APPLICATION 2] NULL

That is, an unbind request protocol op is simply a null element with BER type 0x42 (application class, primitive, tag number two). An unbind request with message ID three and no controls is encoded as:

30 05 -- Begin the LDAPMessage sequence
   02 01 03 -- The message ID (integer value 3)
   42 00 -- The unbind request protocol op

There is no response to an unbind request.
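
The encoding above, as an added Python example that is not from the original page: a strict decoder that a server or protocol monitor could use to confirm that a message is a well-formed unbind request, together with the matching encoder. The function names are hypothetical, and the optional controls element is only checked for its tag, not parsed.

```python
# Added example, not from the original page: strict check for an UnbindRequest.
# Function names are hypothetical. Only definite lengths are accepted, which is
# all LDAP permits (RFC 4511 section 5.1).
UNBIND_TAG = 0x42      # [APPLICATION 2], primitive
CONTROLS_TAG = 0xA0    # [0] Controls, optional trailer of an LDAPMessage

def read_tlv(buf, pos):
    """Read one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_unbind(message):
    """Return the message ID of a well-formed unbind request, else raise ValueError."""
    tag, body, end = read_tlv(message, 0)
    if tag != 0x30 or end != len(message):
        raise ValueError("not exactly one LDAPMessage sequence")
    tag, id_bytes, pos = read_tlv(body, 0)
    if tag != 0x02 or not 1 <= len(id_bytes) <= 4 or id_bytes[0] & 0x80:
        raise ValueError("message ID must be a non-negative INTEGER up to 2^31-1")
    tag, value, pos = read_tlv(body, pos)
    if tag != UNBIND_TAG or value:
        raise ValueError("protocol op is not a zero-length [APPLICATION 2] element")
    if pos != len(body):                  # anything left must be the controls
        tag, _, pos = read_tlv(body, pos)
        if tag != CONTROLS_TAG or pos != len(body):
            raise ValueError("unexpected data after the protocol op")
    return int.from_bytes(id_bytes, "big")

def encode_unbind(message_id):
    """Encode an unbind request with no controls for the given message ID."""
    if not 0 <= message_id <= 2**31 - 1:
        raise ValueError("message ID out of range")
    id_bytes = message_id.to_bytes((message_id.bit_length() + 8) // 8, "big")
    body = bytes([0x02, len(id_bytes)]) + id_bytes + bytes([UNBIND_TAG, 0x00])
    return bytes([0x30, len(body)]) + body
```

Because no response is ever sent, a receiver that rejects a malformed unbind request has nothing to report back to the client and can only close the connection.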
