i'm writing an AD client for mac i'm able to get a kerberos ticket and can also bind to AD using ldap_gssapi_bind and everything works fine I can do searches modify/create attributes etc.

when I unbind and try to bind to a different server, it hangs in a "select" call inside openldap lib. even though I've successfully got a TGS ticket before binding.

I'm using heimdal for kerberos implementation. I also have cyrusSASL in the project.

in one of my test environments it tries to go back to old "server" to get ticket. so I'm assuming there is some sort of caching involved here.

before rebinding I always delete the credential cache file and krb5.conf and re create them for new server.

I'm not using an conf file with openldap.

What could be going on is there some kind of caching somewhere in library?

there are no errors when unbinding and I can also see a call getting to server when I unbind.