diff --git a/CHANGES b/CHANGES
index 9b0f7969af58c1d71c017dfb74f8c96f27c283b4..d2857b67aa0c23b05005c281f81581c3eb0e97ff 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,7 @@
 OpenLDAP 2.4 Change Log
 
 OpenLDAP 2.4.10 Engineering
+	Fixed libldap file descriptor leak with SELinux (ITS#5507)
 	Fixed slapd missing termination of integerFilter keys (ITS#5503)
 	Fixed slapd-ldap entry_get() op-dependent behavior (ITS#5513)
 	Fixed slapo-syncprov csn update with delta-syncrepl (ITS#5493)
diff --git a/libraries/libldap/os-ip.c b/libraries/libldap/os-ip.c
index e8545354323e74dc5ae2fa5b9d5e2e966835d049..b70d60dda2908693d06464b6ead819b836e93e14 100644
--- a/libraries/libldap/os-ip.c
+++ b/libraries/libldap/os-ip.c
@@ -36,6 +36,9 @@
 #ifdef HAVE_IO_H
 #include <io.h>
 #endif /* HAVE_IO_H */
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
 
 #include "ldap-int.h"
 
@@ -110,6 +113,9 @@ ldap_int_socket(LDAP *ld, int family, int type )
 {
 	ber_socket_t s = socket(family, type, 0);
 	osip_debug(ld, "ldap_new_socket: %d\n",s,0,0);
+#ifdef FD_CLOEXEC
+	fcntl(s, F_SETFD, FD_CLOEXEC);
+#endif
 	return ( s );
 }
 
diff --git a/libraries/libldap/os-local.c b/libraries/libldap/os-local.c
index 70f948de19713af0f4d614d5f013fe80c1411544..0f3c1ee34d548387c03b9b734687a50b60437268 100644
--- a/libraries/libldap/os-local.c
+++ b/libraries/libldap/os-local.c
@@ -47,6 +47,9 @@
 #ifdef HAVE_IO_H
 #include <io.h>
 #endif /* HAVE_IO_H */
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
 
 #include "ldap-int.h"
 #include "ldap_defaults.h"
@@ -89,6 +92,9 @@ ldap_pvt_socket(LDAP *ld)
 {
 	ber_socket_t s = socket(PF_LOCAL, SOCK_STREAM, 0);
 	oslocal_debug(ld, "ldap_new_socket: %d\n",s,0,0);
+#ifdef FD_CLOEXEC
+	fcntl(s, F_SETFD, FD_CLOEXEC);
+#endif
 	return ( s );
 }