
SASL GSSAPI + Active directory: local error



Hi,

I am trying to bind to Active Directory using the OpenLDAP libraries and get this error:

pepe@shade:~$ ldapsearch -Y GSSAPI -h nn-adtest
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)

I tried to debug and found that the error arises from this code: file: cyrus.c, function: ldap_int_sasl_bind, line: 729 (in my version, OpenLDAP 2.3.11)

if( rc == LDAP_SUCCESS && saslrc == SASL_OK ) {
    /* we're done, no need to step */
    if( scred ) {
        if ( scred->bv_len ) {
            /* but server provided us with data! */
            Debug( LDAP_DEBUG_TRACE,
                "ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n",
                rc, saslrc, scred->bv_len );
        }
        ber_bvfree( scred );
        rc = ld->ld_errno = LDAP_LOCAL_ERROR;   // <--- HERE REACHES MY PROGRAM
        goto done;
    }
    break;
}


In function ldap_sasl_bind_s at sasl.c:174, the call to ldap_result2error returns 0 (LDAP_SUCCESS and SASL_OK) and the call to ldap_parse_sasl_bind_result returns a non-NULL value of the third parameter scredp.

When I look at the network communication with the sniffer Ethereal, I see that the Active Directory server sends a result with result code "success" (0x00), so it looks like the mistake is on the side of the OpenLDAP client (maybe wrong parsing), or do I have something misconfigured?

Thanks for any hints 
Prema
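
Added example, not part of the original post and not OpenLDAP code: a small C decoder for the bytes of a captured LDAP BindResponse that reports resultCode and whether the optional serverSaslCreds field (context tag [7], byte 0x87) is present, which is the data the quoted branch sees as scred. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Read one BER header at buf[*pos]; returns the tag, or -1 if malformed. */
static int ber_hdr(const unsigned char *buf, size_t n, size_t *pos, size_t *len)
{
    if (*pos + 2 > n) return -1;
    int tag = buf[(*pos)++];
    size_t l = buf[(*pos)++];
    if (l & 0x80) {                     /* long form: l & 0x7f length octets */
        size_t k = l & 0x7f;
        if (k == 0 || k > 4 || *pos + k > n) return -1;
        for (l = 0; k--; ) l = (l << 8) | buf[(*pos)++];
    }
    if (l > n - *pos) return -1;
    *len = l;
    return tag;
}

/* Length of serverSaslCreds in a BindResponse; -1 if absent, -2 if malformed. */
long bind_response_creds(const unsigned char *buf, size_t n, int *result_code)
{
    size_t pos = 0, len, end;
    long creds = -1;
    if (ber_hdr(buf, n, &pos, &len) != 0x30) return -2;   /* LDAPMessage */
    n = pos + len;
    if (ber_hdr(buf, n, &pos, &len) != 0x02) return -2;   /* messageID */
    pos += len;
    if (ber_hdr(buf, n, &pos, &len) != 0x61) return -2;   /* BindResponse */
    end = pos + len;
    if (ber_hdr(buf, end, &pos, &len) != 0x0A || len < 1 || len > 2) return -2;
    for (*result_code = 0; len--; ) *result_code = (*result_code << 8) | buf[pos++];
    for (; pos < end; pos += len) {   /* matchedDN, diagnosticMessage, [3], [7] */
        int tag = ber_hdr(buf, end, &pos, &len);
        if (tag < 0) return -2;
        if (tag == 0x87) creds = (long)len;   /* serverSaslCreds */
    }
    return creds;
}

/* Constructed sample: resultCode success plus a 4-byte serverSaslCreds. */
const unsigned char WITH_CREDS[] = { 0x30,0x12, 0x02,0x01,0x02, 0x61,0x0D,
    0x0A,0x01,0x00, 0x04,0x00, 0x04,0x00, 0x87,0x04, 0x01,0x02,0x03,0x04 };

int main(void)
{
    int rc;
    long c = bind_response_creds(WITH_CREDS, sizeof WITH_CREDS, &rc);
    printf("resultCode=%d serverSaslCreds=%ld bytes\n", rc, c);
    return 0;
}
```

A return of 0 means the field is present but empty; the excerpt above sets LDAP_LOCAL_ERROR whenever scred is non-NULL, whatever bv_len is.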