diff --git a/src/ldap.c b/src/ldap.c
index 5c7caefb5..1d9678a30 100644
--- a/src/ldap.c
+++ b/src/ldap.c
@@ -170,7 +170,7 @@ int ceo_add_group_sudo(char *group, char *basedn) {
 return ret;
 }
-int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home, char *principal, char *shell, int no, ...) {
+int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home, char *shell, int no, ...) {
 va_list args;
 if (!uid || !basedn || !cn || !home || !shell)
@@ -188,11 +188,6 @@ int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home,
 char *objectClasses[] = { "top", "account", "posixAccount", "shadowAccount", NULL, NULL, NULL, NULL };
 if (objclass != NULL)
 objectClasses[classes++] = objclass;
- if (principal) {
- objectClasses[classes++] = "krbPrincipalAux";
- objectClasses[classes++] = "krbTicketPolicyAux";
-
- }
 mods[i]->mod_values = objectClasses;
 mods[++i] = xmalloc(sizeof(LDAPMod));
@@ -232,15 +227,6 @@ int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home,
 char *homeDirectory[] = { home, NULL };
 mods[i]->mod_values = homeDirectory;
- if (principal) {
- mods[++i] = xmalloc(sizeof(LDAPMod));
- mods[i]->mod_op = LDAP_MOD_ADD;
- mods[i]->mod_type = "krbPrincipalName";
- vals[i][0] = principal;
- vals[i][1] = NULL;
- mods[i]->mod_values = vals[i];
- }
-
 va_start(args, no);
 char *attr;
 while ((attr = va_arg(args, char *))) {
diff --git a/src/ldap.h b/src/ldap.h
index 5a2d3f5ab..b29b68bda 100644
--- a/src/ldap.h
+++ b/src/ldap.h
@@ -1,6 +1,6 @@
 #define LDAP_DEFAULT_PROTOCOL LDAP_VERSION3
-int ceo_add_user(char *, char *, char *, char *, char *, char *, char *, int, ...);
+int ceo_add_user(char *, char *, char *, char *, char *, char *, int, ...);
 int ceo_add_group(char *, char *, int);
 int ceo_add_group_sudo(char *, char *);
 int ceo_new_uid(int, int);
diff --git a/src/op-adduser.c b/src/op-adduser.c
index 91d557fc1..2f24e4963 100644
--- a/src/op-adduser.c
+++ b/src/op-adduser.c
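Review bot: Removing `principal` from the middle of `ceo_add_user`'s parameter list in src/ldap.c shifts every later argument, and a stale call site would fail quietly rather than loudly. A caller that still passes the old list puts its principal string into `shell` with no diagnostic, and its shell pointer into `int no`, which older compilers report only as a warning. Its id then lands in the `va_arg(args, char *)` loop and is read as a pointer. This diff updates only the `addmember` call in src/op-adduser.c; any other caller, not visible here, should be checked, and building with `-Werror=int-conversion` would turn a missed one into a hard failure. The body of `ceo_add_user` continues outside the hunk.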
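Review bot: The updated prototype in src/ldap.h still leaves its parameters unnamed, so six consecutive `char *` give neither the reader nor the compiler any way to notice a transposed or leftover argument. Spelling the names as in the definition would help: `int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home, char *shell, int no, ...);`. A one-line comment above it should state that the variadic tail is read as `char *` values until a null pointer, as the `va_arg` loop in src/ldap.c shows.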
@@ -163,7 +163,7 @@ static int32_t addmember(Ceo__AddUser *in, Ceo__AddUserResponse *out) {
 if ((krb_stat = ceo_del_princ(in->username)))
 return response_message(out, EEXIST, "unable to overwrite orphaned kerberos principal %s", in->username);
- if ((user_stat = ceo_add_user(in->username, ldap_users_base, "member", in->realname, homedir, principal,
+ if ((user_stat = ceo_add_user(in->username, ldap_users_base, "member", in->realname, homedir,
 member_shell, id, "program", in->program, NULL)))
 return response_message(out, ELDAP, "unable to create ldap account %s", in->username);
 response_message(out, 0, "successfully created ldap account");
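Review bot: The rewritten `ceo_add_user` call still ends its variadic tail with a bare `NULL`, on the continuation line this hunk leaves unchanged. `ceo_add_user` reads that tail with `va_arg(args, char *)`, so on an implementation where `NULL` expands to plain `0` the terminator is passed as an `int`, which is undefined behaviour. Writing the sentinel as `(char *)NULL` removes the dependency: `member_shell, id, "program", in->program, (char *)NULL)))`. `addmember` continues outside the hunk; if `principal` is no longer used elsewhere in it, the code that builds it can presumably be dropped as well.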