
failed bind vs. authorization identity: msg#00029

ietf.ldapbis

Subject: failed bind vs. authorization identity

It's dangerous to look too closely at an internet-draft...

authmeth 4.2 (Anonymous Authorization After Failed Bind) says:

> Upon receipt of a Bind request, the LDAP session is moved to an
> anonymous state and only upon completion of the authentication
> exchange (and the Bind operation) with a resultCode of success is
> the LDAP session moved to an authenticated state. Thus, a failed
> Bind operation produces an anonymous authorization state.

If an already authenticated user does a Bind and receives non-success,
does he then know that the session has reverted to anonymous?

Even if he got unavailableCriticalExtension, which means the server
"MUST NOT perform the operation" ([Protocol] 4.1.11. Controls)?
Or invalidDNSyntax?

How about protocolError - that can be either a valid Bind request with
an unsupported version number, or a genuine protocol error.

What is a Bind request anyway? Any LDAPMessage with the [APPLICATION 0]
tag? Any message which parses as a valid BindRequest from the ASN.1 in
[Protocol] 4.2 (Bind Operation)? Is it still a Bind request if the
LDAPMessage itself is valid, but it contains a control which is
invalid according to its control spec?

--
Hallvard
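
[Added example, not part of the original message.] The first two readings of "Bind request" asked about above can give different answers for the same bytes, which matters to any implementation deciding when to reset a session to anonymous. The sketch below classifies an LDAPMessage under both readings; it assumes the standard BER identifier octet 0x60 for [APPLICATION 0] and the BindRequest fields version, name and authentication, and the helper names and sample PDUs are constructed for illustration.

```python
# Added illustration: hypothetical helper names, constructed sample PDUs.
BIND_TAG = 0x60  # BER identifier octet for [APPLICATION 0], constructed

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length BER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def protocol_op(pdu):
    """Return (tag, body) of the protocolOp inside an LDAPMessage."""
    tag, msg, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("LDAPMessage is not a SEQUENCE")
    tag, _, pos = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("messageID is not an INTEGER")
    tag, body, _ = read_tlv(msg, pos)
    return tag, body

def classify(pdu):
    """Return (has_bind_tag, parses_as_bind_request) for the two readings."""
    try:
        tag, body = protocol_op(pdu)
    except ValueError:
        return False, False
    if tag != BIND_TAG:
        return False, False
    try:
        t, version, pos = read_tlv(body, 0)      # version INTEGER (1..127)
        ok = t == 0x02 and len(version) == 1 and 1 <= version[0] <= 127
        t, _, pos = read_tlv(body, pos)          # name LDAPDN (OCTET STRING)
        ok = ok and t == 0x04
        t, _, pos = read_tlv(body, pos)          # simple [0] or sasl [3]
        return True, ok and t in (0x80, 0xA3) and pos == len(body)
    except ValueError:
        return True, False

VALID_BIND = bytes.fromhex("300c020101600702010304008000")  # constructed
TAG_ONLY = bytes.fromhex("300a02010260050201030400")        # constructed
```

`TAG_ONLY` carries the [APPLICATION 0] tag but omits the authentication choice, so it counts as a Bind request under the first reading and not under the second.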


