Fix migration code password setting.

When we set a password we also need to make sure krbExtraData is set.
If not kadmin will later complain that the object is corrupted at password
change time.

Ticket: https://fedorahosted.org/freeipa/ticket/2764

daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c

@@ -995,6 +995,7 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb)
     Slapi_Value *objectclass;
     int method; /* authentication method */
     int ret = 0;
+    char *principal = NULL;
 
     LOG_TRACE("=>\n");
 
@@ -1135,9 +1136,19 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb)
         goto done;
     }
 
+    /* we need to make sure the ExtraData is set, otherwise kadmin
+     * will not like the object */
+    principal = slapi_entry_attr_get_charptr(entry, "krbPrincipalName");
+    if (!principal) {
+        LOG_OOM();
+        goto done;
+    }
+    ipapwd_set_extradata(pwdata.dn, principal, pwdata.timeNow);
+
     LOG("kerberos key generated for user entry: %s\n", dn);
 
 done:
+    slapi_ch_free_string(&principal);
     slapi_ch_free_string(&expire);
     if (entry)
         slapi_entry_free(entry);