I.e., because a connection has already been established, the library will not do any fallback. It only tries to

fallback

if the TCP connection attempt fails.

If I understand correctly, the current fallback mechanisms in openldap library only ensure against unavailable servers, not against misbehaving ones ? In this case, I'd gladly fill an enhancement request.