While bulkloading user principals with LDIF files, include krbPrincipalAux, krbPolicyAux, and krbPwdPolicyRefAux in objectClass.
For example,
version: 1
dn: cn=jsmith,ou=engineering,o=acme
changetype: add
objectclass: User
objectclass: krbPrincipalAux
objectclass: krbPolicyAux
objectclass: krbPwdPolicyRefAux
cn: jsmith
Surname: smith
krbPrincipalName: jsmith@ACME.COM
Though none of the attributes in the object classes krbPolicyAux and krbPwdPolicyRefAux are specified in the LDIF file for the creation of the user principals, failing to include these object classes will make the Kerberos administration and kpasswd utilities fail, as they refer to these classes.