Patch related to "(ITS#6110) GSSAPI signing/encryption for unsuspectingly applications" is more an enhancement than a bug report.
Please have a look at patch on ftp://ftp.openldap.org/incoming/mike-becher-090512.libraries-libldap.patch or ITS report on http://www.openldap.org/its/index.cgi/Incoming?id=6110;selectid=6110
In short that patch: 1) adds call of ldap_gssapi_bind_s() at the beginning of ldap_sasl_interactive_bind_s() which can be turn on or off by an GSSAPI OPTION (manual update of ldap.conf (5) included) to provide GSSAPI signing/encryption for applications that use (and only know) ldap_sasl_interactive_bind_s(), 2) adds the missed implementation of "switch off" functionality of all other GSSAPI OPTIONS. 3) corrects one string length problem in guess_service_principal() and 4) corrects one hostname resolving problem in guess_service_principal().
Sorry for that kind of announcement but I hope now it is on the right mailing list.
best regards Mike