ldap_unbind() & co fail without doing anything if a critical client control is set with ldap_set_option() or passed to ldap_unbind_ext_s(). This seems wrong, since ldap_unbind() has always been documented as the way to both close the connection and free the LDAP structure.
Yet if some code does set a critical client control, that might be a hack to get exactly this functionality: Temporarily protect the LDAP* from being destroyed by some other code.
Server controls do not prevent the Unbind. RFC 4511 says the criticality field MUST be ignored for Unbind controls. But that's in the protocol. Client controls are an LDAP API invention.
I don't know which solution to pick. Opinions?
Maybe we should deprecate ldap_unbind... calls now that we have ldap_destroy(). That function also sends an Unbind if it can. But that doesn't affect existing code using ldap_unbind...().
LDAPControl ctrl = {"1.2.3.4", {0,""}, 1}, *ctrls[] = {&ctrl, NULL}; LDAP *ld = ldap_open("ldap", LDAP_PORT); ldap_set_option(ld, LDAP_OPT_CLIENT_CONTROLS, ctrls); ldap_unbind_ext_s(ld, NULL, NULL); /* Connection remains open here... */ sleep(999);