Bind Response


BindResponse is the LDAP Message that consists of an LDAP Result Code from the DSA of the status of the DUA's Bind Request for authentication.
BindResponse ::= [APPLICATION 1] SEQUENCE {
      serverSaslCreds    [7] OCTET STRING OPTIONAL } 

If the Bind Request was successful, the resultCode will be success, otherwise it will be one of:

  • operationsError: server encountered an internal error (LDAP Result Code 1)
  • protocolError: unrecognized version number or incorrect PDU structure (LDAP Result Code 2)
  • authMethodNotSupported: unrecognized SASL mechanism name (LDAP Result Code 7)
  • strongAuthRequired: the server requires authentication be performed with a SASL Mechanism (LDAP Result Code 8)
  • referral: this server cannot accept this bind and the client should try another (LDAP Result Code 10)
  • saslBindInProgress: the server requires the client to send a new bind request, with the same SASL Mechanism, to continue the authentication process,
  • inappropriateAuthentication: the server requires the client which had attempted to bind anonymously or without supplying credentials to provide some form of credentials (LDAP Result Code 48)
  • invalidCredentials: the wrong password was supplied or the SASL credentials could not be processed (LDAP Result Code 49)
  • unavailable: the server is shutting down (LDAP Result Code 81)

If the server does not support the client's requested protocol version, it MUST set the resultCode to protocolError.

If the client receives a BindResponse response where the resultCode was protocolError, it MUST close the connection as the server will be unwilling to accept further operations. This is for compatibility with earlier versions of LDAP, in which the bind was always the first operation, and there was no negotiation.)

The serverSaslCreds are used as part of a SASL Mechanisms to allow the client to authenticate the server to which it is communicating, or to perform "challenge-response" authentication. If the client bound with the password choice, or the SASL Mechanism does not require the server to return information to the client, then this field is not to be included in the result.

More Information#

There might be more information for this subject on one of the following: