The 4th and 5th bullet points under "symptom details" of my original ticket text are not supported by the evidence. Corrected replacements:

* Valgrind does NOT show lost memory after a ONE SASL authentication by a process.

* Valgrind shows N-1 lost memory blocks after N multiple SASL authentications by a process. Given the same credentials and mech, each such block is the same size, ca. 500-600 bytes.

On reflection, it is probably the LAST authentication that frees the memory block in question, although my testing seems to indicate it is NOT unbind() that does so; perhaps some sort of process termination callback in OpenLDAP, SASL, or MD5 library code?

Sorry about the initial inaccuracy.