How to disable SSF (integrity) on GSSAPI mech?

Hi folks,

I am binding against Active Directory with GSSAPI mech and would like to disable SASL integrity for debugging purposes with Wireshark. Unfortunately, this call fails:

char *secprops = "minssf=0,maxssf=0"; rc = ldap_set_option(ld, LDAP_OPT_X_SASL_SECPROPS, secprops);

with:

Diagnostic message: SASL(-1): generic failure: GSSAPI Error: A required input parameter could not be read (Unknown error) Result code: -2

I am used to this with Java's SASL client where I can set SASL QOP with auth, auth-int, auth-conf.

Is that not possible with OpenLDAP along with CyrusSASL?

For what it is worth, I am on FreeBSD 9.3 with latest OpenLDAP and CyrusSASL from the ports tree.

Regards,

Michael