Confused is a very apt description of what I am right now.
I'm wading through the nightmare that is getting Linux machines to auth
with Kerberos to Active Directory, and using OpenLDAP to do user/group
lookups instead of Winbind.
I started down the road of getting Kerberos support compiled in because
ldapsearch would not auth using gssapi. Sorting through all the
documentation, I found the -k option, and set about getting that to
work.
-k still doesn't work, because I didn't compile kbind in, but after
doing what I did below, I ended up with an ldapsearch that WOULD auth
via SASL/GSS. Simply doing the default build left me with an ldapsearch
utility that I couldn't use to search AD.