Cause: When a new user is added, its login is normalized and put to lower-case. However, its principal is not normalized and contains original login
Consequence: If user adds a new user with uppercase letter in its login, a disconnect between a user login and his principal is created. IPA server then refuses to create a password for that user
Fix: Normalize both new user login and his principal
Result: When a new user with upper-case letter in his login is added, both login and principal are normalized and put to lower-case. IPA server is then able to create a Kerberos password for the user.