diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index 8e0b908417d..9b0edf38303 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -291,6 +291,76 @@ PHP_MINIT_FUNCTION(ldap)
 	REGISTER_STRING_CONSTANT("LDAP_EXOP_TURN", LDAP_EXOP_TURN, CONST_PERSISTENT | CONST_CS);
 #endif
 
+/* LDAP Controls */
+/*	standard track controls */
+#ifdef LDAP_CONTROL_MANAGEDSAIT
+	/* RFC 3296 */
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_MANAGEDSAIT", LDAP_CONTROL_MANAGEDSAIT, CONST_PERSISTENT | CONST_CS);
+#endif
+#ifdef LDAP_CONTROL_PROXY_AUTHZ
+	/* RFC 4370 */
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_PROXY_AUTHZ", LDAP_CONTROL_PROXY_AUTHZ, CONST_PERSISTENT | CONST_CS);
+#endif
+#ifdef LDAP_CONTROL_SUBENTRIES
+	/* RFC 3672 */
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_SUBENTRIES", LDAP_CONTROL_SUBENTRIES, CONST_PERSISTENT | CONST_CS);
+#endif
+#ifdef LDAP_CONTROL_VALUESRETURNFILTER
+	/* RFC 3876 */
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_VALUESRETURNFILTER", LDAP_CONTROL_VALUESRETURNFILTER, CONST_PERSISTENT | CONST_CS);
+#endif
+#ifdef LDAP_CONTROL_ASSERT
+	/* RFC 4528 */
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_ASSERT", LDAP_CONTROL_ASSERT, CONST_PERSISTENT | CONST_CS);
+	/* RFC 4527 */
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_PRE_READ", LDAP_CONTROL_PRE_READ, CONST_PERSISTENT | CONST_CS);
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_POST_READ", LDAP_CONTROL_POST_READ, CONST_PERSISTENT | CONST_CS);
+#endif
+#ifdef LDAP_CONTROL_SORTREQUEST
+	/* RFC 2891 */
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_SORTREQUEST", LDAP_CONTROL_SORTREQUEST, CONST_PERSISTENT | CONST_CS);
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_SORTRESPONSE", LDAP_CONTROL_SORTRESPONSE, CONST_PERSISTENT | CONST_CS);
+#endif
+/*	non-standard track controls */
+#ifdef LDAP_CONTROL_PAGEDRESULTS
+	/* RFC 2696 */
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_PAGEDRESULTS", LDAP_CONTROL_PAGEDRESULTS, CONST_PERSISTENT | CONST_CS);
+#endif
+#ifdef LDAP_CONTROL_AUTHZID_REQUEST
+	/* RFC 3829 */
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_AUTHZID_REQUEST", LDAP_CONTROL_AUTHZID_REQUEST, CONST_PERSISTENT | CONST_CS);
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_AUTHZID_RESPONSE", LDAP_CONTROL_AUTHZID_RESPONSE, CONST_PERSISTENT | CONST_CS);
+#endif
+#ifdef LDAP_CONTROL_SYNC
+	/* LDAP Content Synchronization Operation -- RFC 4533 */
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_SYNC", LDAP_CONTROL_SYNC, CONST_PERSISTENT | CONST_CS);
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_SYNC_STATE", LDAP_CONTROL_SYNC_STATE, CONST_PERSISTENT | CONST_CS);
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_SYNC_DONE", LDAP_CONTROL_SYNC_DONE, CONST_PERSISTENT | CONST_CS);
+#endif
+#ifdef LDAP_CONTROL_DONTUSECOPY
+	/* LDAP Don't Use Copy Control (RFC 6171) */
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_DONTUSECOPY", LDAP_CONTROL_DONTUSECOPY, CONST_PERSISTENT | CONST_CS);
+#endif
+#ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
+	/* Password policy Controls */
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_PASSWORDPOLICYREQUEST", LDAP_CONTROL_PASSWORDPOLICYREQUEST, CONST_PERSISTENT | CONST_CS);
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_PASSWORDPOLICYRESPONSE", LDAP_CONTROL_PASSWORDPOLICYRESPONSE, CONST_PERSISTENT | CONST_CS);
+#endif
+#ifdef LDAP_CONTROL_X_INCREMENTAL_VALUES
+	/* MS Active Directory controls */
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_INCREMENTAL_VALUES", LDAP_CONTROL_X_INCREMENTAL_VALUES, CONST_PERSISTENT | CONST_CS);
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_DOMAIN_SCOPE", LDAP_CONTROL_X_DOMAIN_SCOPE, CONST_PERSISTENT | CONST_CS);
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_PERMISSIVE_MODIFY", LDAP_CONTROL_X_PERMISSIVE_MODIFY, CONST_PERSISTENT | CONST_CS);
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_SEARCH_OPTIONS", LDAP_CONTROL_X_SEARCH_OPTIONS, CONST_PERSISTENT | CONST_CS);
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_TREE_DELETE", LDAP_CONTROL_X_TREE_DELETE, CONST_PERSISTENT | CONST_CS);
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_X_EXTENDED_DN", LDAP_CONTROL_X_EXTENDED_DN, CONST_PERSISTENT | CONST_CS);
+#endif
+#ifdef LDAP_CONTROL_X_INCREMENTAL_VALUES
+	/* LDAP VLV */
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_VLVREQUEST", LDAP_CONTROL_VLVREQUEST, CONST_PERSISTENT | CONST_CS);
+	REGISTER_STRING_CONSTANT("LDAP_CONTROL_VLVRESPONSE", LDAP_CONTROL_VLVRESPONSE, CONST_PERSISTENT | CONST_CS);
+#endif
+
 	le_link = zend_register_list_destructors_ex(_close_ldap_link, NULL, "ldap link", module_number);
 	le_result = zend_register_list_destructors_ex(_free_ldap_result, NULL, "ldap result", module_number);
 	le_result_entry = zend_register_list_destructors_ex(_free_ldap_result_entry, NULL, "ldap result entry", module_number);
@@ -2129,6 +2199,8 @@ PHP_FUNCTION(ldap_sort)
 PHP_FUNCTION(ldap_get_option)
 {
 	zval *link, *retval;
+	zval tmp1;
+	int num_entries;
 	ldap_linkdata *ld;
 	zend_long option;
 
@@ -2273,9 +2345,37 @@ PHP_FUNCTION(ldap_get_option)
 			ZVAL_STRING(retval, val);
 			ldap_memfree(val);
 		} break;
-/* options not implemented
 	case LDAP_OPT_SERVER_CONTROLS:
 	case LDAP_OPT_CLIENT_CONTROLS:
+		{
+			LDAPControl **ctrls = NULL, **ctrlp;
+
+			if (ldap_get_option(ld->link, option, &ctrls) || ctrls == NULL) {
+				if (ctrls) {
+					ldap_memfree(ctrls);
+				}
+				RETURN_FALSE;
+			}
+
+			zval_ptr_dtor(retval);
+			array_init(retval);
+			num_entries = 0;
+			ctrlp = ctrls;
+			while (*ctrlp != NULL)
+			{
+				array_init(&tmp1);
+				add_assoc_string(&tmp1, "oid", (*ctrlp)->ldctl_oid);
+				add_assoc_bool(&tmp1, "iscritical", ((*ctrlp)->ldctl_iscritical != 0));
+				if ((*ctrlp)->ldctl_value.bv_len) {
+					add_assoc_stringl(&tmp1, "value", (*ctrlp)->ldctl_value.bv_val, (*ctrlp)->ldctl_value.bv_len);
+				}
+				zend_hash_index_update(Z_ARRVAL_P(retval), num_entries, &tmp1);
+				num_entries++;
+				ctrlp++;
+			}
+			ldap_controls_free(ctrls);
+		} break;
+/* options not implemented
 	case LDAP_OPT_API_INFO:
 	case LDAP_OPT_API_FEATURE_INFO:
 */
diff --git a/ext/ldap/tests/ldap_get_option_controls.phpt b/ext/ldap/tests/ldap_get_option_controls.phpt
new file mode 100644
index 00000000000..2ec87ebac2e
--- /dev/null
+++ b/ext/ldap/tests/ldap_get_option_controls.phpt
@@ -0,0 +1,68 @@
+--TEST--
+ldap_get_option() and ldap_set_option() tests related to ldap controls
+--CREDITS--
+Côme Chilliet <mcmic@php.net>
+--SKIPIF--
+<?php
+require_once('skipif.inc');
+require_once('skipifbindfailure.inc');
+?>
+--FILE--
+<?php
+include "connect.inc";
+
+$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
+insert_dummy_data($link, $base);
+
+function build_ctrl_paged_value($int, $cookie)
+{
+	// This is basic and will only work for small values
+	$hex = '';
+	if (!empty($int)) {
+		$str = sprintf("%'.02x", $int);
+		$hex .= '02'.sprintf("%'.02x%s", strlen($str)/2, $str);
+	}
+	$hex .= '04'.sprintf("%'.02x", strlen($cookie)).bin2hex($cookie);
+	return hex2bin('30'.sprintf("%'.02x", strlen($hex)/2).$hex);
+}
+
+$controls_set = array(
+	array(
+		'oid' => LDAP_CONTROL_PAGEDRESULTS,
+		'iscritical' => TRUE,
+		'value' => build_ctrl_paged_value(1, '')
+	)
+);
+var_dump(
+	bin2hex($controls_set[0]['value']),
+	ldap_get_option($link, LDAP_OPT_SERVER_CONTROLS, $controls_get),
+	ldap_set_option($link, LDAP_OPT_SERVER_CONTROLS, $controls_set),
+	ldap_get_option($link, LDAP_OPT_SERVER_CONTROLS, $controls_get),
+	count($controls_get),
+	$controls_get[0]['oid'],
+	$controls_get[0]['iscritical'],
+	bin2hex($controls_get[0]['value']),
+	$result = ldap_search($link, $base, "(objectClass=person)", array('cn')),
+	ldap_get_entries($link, $result)['count']
+);
+?>
+===DONE===
+--CLEAN--
+<?php
+include "connect.inc";
+
+$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
+remove_dummy_data($link, $base);
+?>
+--EXPECTF--
+string(14) "30050201010400"
+bool(false)
+bool(true)
+bool(true)
+int(1)
+string(22) "1.2.840.113556.1.4.319"
+bool(true)
+string(14) "30050201010400"
+resource(%d) of type (ldap result)
+int(1)
+===DONE===
diff --git a/ext/ldap/tests/ldap_get_option_variation.phpt b/ext/ldap/tests/ldap_get_option_variation.phpt
index f83c505571e..759936ec629 100644
--- a/ext/ldap/tests/ldap_get_option_variation.phpt
+++ b/ext/ldap/tests/ldap_get_option_variation.phpt
@@ -64,8 +64,42 @@ bool(true)
 int(0)
 bool(true)
 int(0)
-bool(false)
-int(0)
-bool(false)
-int(0)
+bool(true)
+array(2) {
+  [0]=>
+  array(2) {
+    ["oid"]=>
+    string(15) "1.2.752.58.10.1"
+    ["iscritical"]=>
+    bool(true)
+  }
+  [1]=>
+  array(3) {
+    ["oid"]=>
+    string(15) "1.2.752.58.1.10"
+    ["iscritical"]=>
+    bool(false)
+    ["value"]=>
+    string(5) "magic"
+  }
+}
+bool(true)
+array(2) {
+  [0]=>
+  array(2) {
+    ["oid"]=>
+    string(15) "1.2.752.58.10.1"
+    ["iscritical"]=>
+    bool(true)
+  }
+  [1]=>
+  array(3) {
+    ["oid"]=>
+    string(15) "1.2.752.58.1.10"
+    ["iscritical"]=>
+    bool(false)
+    ["value"]=>
+    string(5) "magic"
+  }
+}
 ===DONE===
diff --git a/ext/ldap/tests/ldap_set_option_variation.phpt b/ext/ldap/tests/ldap_set_option_variation.phpt
index 6e082beb0c7..bb8a3f10518 100644
--- a/ext/ldap/tests/ldap_set_option_variation.phpt
+++ b/ext/ldap/tests/ldap_set_option_variation.phpt
@@ -76,9 +76,43 @@ bool(true)
 bool(true)
 bool(false)
 bool(true)
-int(0)
+array(2) {
+  [0]=>
+  array(2) {
+    ["oid"]=>
+    string(15) "1.2.752.58.10.1"
+    ["iscritical"]=>
+    bool(true)
+  }
+  [1]=>
+  array(3) {
+    ["oid"]=>
+    string(15) "1.2.752.58.1.10"
+    ["iscritical"]=>
+    bool(false)
+    ["value"]=>
+    string(5) "magic"
+  }
+}
 bool(true)
-int(0)
+array(2) {
+  [0]=>
+  array(2) {
+    ["oid"]=>
+    string(15) "1.2.752.58.10.1"
+    ["iscritical"]=>
+    bool(true)
+  }
+  [1]=>
+  array(3) {
+    ["oid"]=>
+    string(15) "1.2.752.58.1.10"
+    ["iscritical"]=>
+    bool(false)
+    ["value"]=>
+    string(5) "magic"
+  }
+}
 bool(true)
 string(14) "dc=test,dc=com"
 ===DONE===