LDAP support on Rancher v0.35.0

The service account is used for various things like searching for users (when editing Environments) or to look up what groups a user is a member of when using an API key (vs. direct login through the UI). Basically any time we need something from LDAP other than login, because we don’t save the logged-in user’s credentials anywhere after login.

You are correct that they are not used when verifying a user login (which is what happens when you click that button before we turn access control enforcing on and potentially lock you out). That should be opening a connection and then immediately binding with the “your username” and password. So I’m not sure what is being requested un-bind-ed, but we will look into that.