Help us silence slapd with its GSSAPI errors

I haven't tried 10.4.9 yet... but these errors are logging like mad across all our servers. I have frantically tried various keytab edits and princple removal and recreations to no avail. I'm stuck at slapd moaning about the decrypt check failing because I can't sync the keys it wants me to. Various commands I've ran (not in any particular order): kadmin.local -q 'ktrem ldap/FQDN' kadmin.local -q 'delprinc ldap/FQDN' kadmin.local -q 'ank -randkey ldap/FQDN' kadmin.local -q 'ktadd ldap/FQDN sudo sso_util configure -r G4SERVER.CARDINALNEWMAN.N-LANARK.SCH.UK -x -v 1 all sudo sso_util configure -r G4SERVER.CARDINALNEWMAN.N-LANARK.SCH.UK -x -v 1 ldap sudo kadmin.local -r G4SERVER.CARDINALNEWMAN.N-LANARK.SCH.UK -q "addprinc -randkey kadmin/g4server.cardinalnewman.n-lanark.sch.uk@G4SERVER.CARDINALNEWMAN.N-LANARK.SCH.UK" sudo kadmin.local -r G4SERVER.CARDINALNEWMAN.N-LANARK.SCH.UK -q "addprinc -randkey host/g4server.cardinalnewman.n-lanark.sch.uk@G4SERVER.CARDINALNEWMAN.N-LANARK.SCH.UK" Need some slapd and Kerberos expert to help fix this. It should really be Apple's problem.