https://bugs.openldap.org/show_bug.cgi?id=9432
--- Comment #3 from sternenseemann@systemli.org --- (In reply to Howard Chu from comment #2)
That's because sasl_client_done() deinitializes the entire library, whereas ldap_unbind_ext is only for closing a single session. Since the allocations done by sasl_client_init() only occur once in the lifetime of a process, this isn't actually a significant leak. It would only be significant if it leaked every time a new session was created within the same process.
That's fair, but I feel like there should be at least some measure or documentation on this, since it is not obvious to an user of libldap that the library may have been linked against cyrus sasl and they subsequently have to call sasl_client_done().