Two things, One, I thought that there already was a Kerberos Security Object Class for LDAP, it just so happens MIT Kerberos cannot use it. Secondly, when are we going to see in smbldap-tools a patch to allowsmbldap-useradd to add a Kerberos Principal when it adds a user?