SASL-GSSAPI - Kerberos
> When I attempt to bind to the directory and search for the same
> information with the command line below.
>
> ldapsearch -Y GSSAPI -X u:<valid uid>  -b "" -s base -LLL  -H 
> ldaps://FQDN supportedSASLMechanism

Did you really mean to initiate a SASL/GSSAPI bind over SSL?
I'm not sure that will work. It might, but it may not be supported.
I know for sure that encrypted gssapi will _not_ work. It uses the
same layered I/O hooks that SSL does, and you can't have both
active at the same time (nor would you want to AFAIK).
Try the non-ssl port and see what happens.

The new and improved error after changing from -H ldaps://..... to -H ldap://... follows

SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials
        additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context


[28/Nov/2005:07:47:47 -0600] - new connection on 68
[28/Nov/2005:07:47:47 -0600] - activity on 68r
[28/Nov/2005:07:47:47 -0600] - read activity on 68
[28/Nov/2005:07:47:47 -0600] - conn 10 activity level = 0
[28/Nov/2005:07:47:47 -0600] - sasl(2): GSSAPI Error: Miscellaneous failure (Bad encryption type)[28/Nov/2005:07:47:47 -0600] - listener got signaled
[28/Nov/2005:07:47:47 -0600] - activity on 68r
[28/Nov/2005:07:47:47 -0600] - read activity on 68
[28/Nov/2005:07:47:47 -0600] - listener got signaled



Thanks for the hint. I did read that it would not be supported over SSL; the competing port would be a valid reason. I did get the mapping pieces completed but had some difficulty understanding the REALMS docs. http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1083165
The docs state that GSS-API must be enabled as a SASL mechanism in the Directory to make this work, but they do not state whether this is the default or, if not, how to enable GSS-API. The Realms section reads as if I have to change the DN of all users in the directory to be under cn=gssapi,cn=auth, hence the confusion.

Thanks again for any clarity given
Barry
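
An added example, not part of the original thread: a small triage script that pulls SASL/GSSAPI failures out of an error log in the format pasted above, including an entry that shares a line with the next one. The function names are hypothetical, and the sample lines are copied from the log in the post.

```python
import re
from collections import Counter
from datetime import datetime

# Every entry starts with "[dd/Mon/yyyy:hh:mm:ss +zzzz] - ". In the log above
# the sasl(...) entry is followed by the next entry on the same line, so the
# text is split on the timestamp prefix rather than on newlines.
ENTRY = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\] - ")
# e.g. "sasl(2): GSSAPI Error: Miscellaneous failure (Bad encryption type)"
SASL = re.compile(r"sasl\((\d+)\): (\w+) Error: (.*?)(?: \((.*)\))?$")

# Sample input: lines taken from the log quoted in the post.
SAMPLE = """\
[28/Nov/2005:07:47:47 -0600] - read activity on 68
[28/Nov/2005:07:47:47 -0600] - conn 10 activity level = 0
[28/Nov/2005:07:47:47 -0600] - sasl(2): GSSAPI Error: Miscellaneous failure (Bad encryption type)[28/Nov/2005:07:47:47 -0600] - listener got signaled
[28/Nov/2005:07:47:47 -0600] - activity on 68r
"""

def split_entries(text):
    """Return [(timestamp, message), ...] for every entry, fused or not."""
    parts = ENTRY.split(text)  # [prefix, ts1, msg1, ts2, msg2, ...]
    return [
        (datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), msg.strip())
        for ts, msg in zip(parts[1::2], parts[2::2])
    ]

def sasl_failures(text):
    """Return one dict per SASL error entry: level, mechanism, major/minor status."""
    found = []
    for ts, msg in split_entries(text):
        m = SASL.match(msg)
        if m:
            found.append({"time": ts, "level": int(m.group(1)), "mech": m.group(2),
                          "major": m.group(3), "minor": m.group(4)})
    return found

def summarize(text):
    """Count failures per (mechanism, minor status) to see which error dominates."""
    return Counter((f["mech"], f["minor"]) for f in sasl_failures(text))

if __name__ == "__main__":
    for (mech, minor), count in summarize(SAMPLE).items():
        print(f"{count:4d}  {mech}: {minor}")
```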