This is entirely based on how kerberos was configured on the server you
are using. I suggest you complain to the person who built the package
for you. This is not an OL issue.
Sorry, but I disagree.
The location of a default keytab file is quite irrelevant, simply because
this file should not be used in the first place(*). Everyone who uses
SASL/GSSAPI with openLDAP should IMO use a keytab file that is owned by
ldap, readable only by LDAP, and contains no other keytabs but those
needed for LDAP/SASL/GSSAPI.
Default keytab file is not suitable for this purpose, and thus we have to
define the location of the LDAPs "private" keytab file somewhere.
The fact that I can't configure the location of this keyfile in
/etc/openldap/slapd.conf is annoying, especially considering the fact
that I can configure other sasl-related stuff there.
(*) I'm not a kerberos expert, but AFAIK giving someone a keyfile in
kerberised environment is just like giving him a password. Now, imagine a
situation when several services run on a machine, and each of them needs
a "password" written down in a file. Would you put all passwords in one
file, or would you prefer having only the password(s) that one
application really needs in a file that is only readable by this
application?