While bulkloading user principals with LDIF files, include krbPrincipalAux and krbTicketPolicyAux in the objectClass.
For example:
version: 1 dn: cn=jsmith,ou=engineering,o=acme changetype: add objectclass: User objectclass: krbPrincipalAux objectclass: krbTicketPolicyAux cn: jsmith Surname: smith krbPrincipalName: jsmith@ACME.COM
Although none of the attributes in the krbTicketPolicyAux object class are specified in the LDIF file for the creation of the user principals, failing to include this object class makes the Kerberos administration utilities fail, because they refer to this class.