If you provision/run with idmap_ldb:use rfc2307 then you can assign each user/group a uidNumber/gidNumber which then is/can be obeyed by samba/nslcd.
Sorry, I should have made myself more clear. Our current setup uses the nslcd approach to get the UIDs and GIDs as mapped from the RID of each object. We then feed that back into the LDAP database (as uidNumber and gidNumber attributes) along with setting idmap_ldb:use rfc2307 so that Samba4 gets the same UIDs and GIDs as from mapping the RID. But this is very much a fudge, and it does not make sense that Winbind shouldn't support this form of RID mapping, even though previous versions did support it. Rob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
