diff -urN --exclude-from=./diff.excludes samba-3.0.25rc1/source/nsswitch/idmap_ad.c samba-3.0.25rc1.patched/source/nsswitch/idmap_ad.c
--- samba-3.0.25rc1/source/nsswitch/idmap_ad.c	2007-04-09 12:30:57.000000000 -0500
+++ samba-3.0.25rc1.patched/source/nsswitch/idmap_ad.c	2007-04-11 07:18:04.000000000 -0500
@@ -164,13 +164,8 @@
 {
 	struct idmap_ad_context *ctx;
 	char *config_option;
-	const char *range;
-	ADS_STRUCT *ads;
-
-	/* verify AD is reachable (not critical, we may just be offline at start) */
-	if ( (ads = ad_idmap_cached_connection()) == NULL ) {
-		DEBUG(1, ("WARNING: Could not init an AD connection! Mapping might not work.\n"));
-	}
+	const char *range = NULL;
+	const char *schema_mode = NULL;	
 
 	if ( (ctx = talloc_zero(dom, struct idmap_ad_context)) == NULL ) {
 		DEBUG(0, ("Out of memory!\n"));
@@ -194,6 +189,20 @@
 		}
 	}
 
+	/* schema mode */
+	if ( ad_map_type == WB_POSIX_MAP_UNKNOWN )
+		ad_map_type = WB_POSIX_MAP_RFC2307;
+	schema_mode = lp_parm_const_string(-1, config_option, "schema_mode", NULL);
+	if ( schema_mode && schema_mode[0] ) {
+		if ( strequal(schema_mode, "sfu") )
+			ad_map_type = WB_POSIX_MAP_SFU;
+		else if ( strequal(schema_mode, "rfc2307" ) )
+			ad_map_type = WB_POSIX_MAP_RFC2307;
+		else
+			DEBUG(0,("idmap_ad_initialize: Unknown schema_mode (%s)\n",
+				 schema_mode));
+	}
+
 	dom->private_data = ctx;
 
 	talloc_free(config_option);
@@ -251,6 +260,7 @@
 				NULL, /* gidnumber */
 				NULL };
 	LDAPMessage *res = NULL;
+	LDAPMessage *entry = NULL;
 	char *filter = NULL;
 	int idx = 0;
 	int bidx = 0;
@@ -329,7 +339,7 @@
 	}
 	filter = talloc_asprintf_append(filter, ")");
 	CHECK_ALLOC_DONE(filter);
-	DEBUG(10, ("Filter: [%s]\n", filter));
+
 	rc = ads_search_retry(ads, &res, filter, attrs);
 	if (!ADS_ERR_OK(rc)) {
 		DEBUG(1, ("ERROR: ads search returned: %s\n", ads_errstr(rc)));
@@ -341,8 +351,8 @@
 		DEBUG(10, ("No IDs found\n"));
 	}
 
-	for (i = 0; i < count; i++) {
-		LDAPMessage *entry = NULL;
+	entry = res;
+	for (i = 0; (i < count) && entry; i++) {
 		DOM_SID sid;
 		enum id_type type;
 		struct id_map *map;
@@ -350,13 +360,14 @@
 		uint32_t atype;
 
 		if (i == 0) { /* first entry */
-			entry = ads_first_entry(ads, res);
+			entry = ads_first_entry(ads, entry);
 		} else { /* following ones */
 			entry = ads_next_entry(ads, entry);
 		}
-		if ( ! entry) {
+
+		if ( !entry ) {
 			DEBUG(2, ("ERROR: Unable to fetch ldap entries from results\n"));
-			continue;
+			break;
 		}
 
 		/* first check if the SID is present */
@@ -457,6 +468,7 @@
 				NULL, /* attr_gidnumber */
 				NULL };
 	LDAPMessage *res = NULL;
+	LDAPMessage *entry = NULL;
 	char *filter = NULL;
 	int idx = 0;
 	int bidx = 0;
@@ -514,8 +526,8 @@
 		DEBUG(10, ("No IDs found\n"));
 	}
 
-	for (i = 0; i < count; i++) {
-		LDAPMessage *entry = NULL;
+	entry = res;	
+	for (i = 0; (i < count) && entry; i++) {
 		DOM_SID sid;
 		enum id_type type;
 		struct id_map *map;
@@ -523,13 +535,14 @@
 		uint32_t atype;
 
 		if (i == 0) { /* first entry */
-			entry = ads_first_entry(ads, res);
+			entry = ads_first_entry(ads, entry);
 		} else { /* following ones */
 			entry = ads_next_entry(ads, entry);
 		}
-		if ( ! entry) {
+
+		if ( !entry ) {
 			DEBUG(2, ("ERROR: Unable to fetch ldap entries from results\n"));
-			continue;
+			break;
 		}
 
 		/* first check if the SID is present */
diff -urN --exclude-from=./diff.excludes samba-3.0.25rc1/source/nsswitch/idmap.c samba-3.0.25rc1.patched/source/nsswitch/idmap.c
--- samba-3.0.25rc1/source/nsswitch/idmap.c	2007-04-09 12:30:57.000000000 -0500
+++ samba-3.0.25rc1.patched/source/nsswitch/idmap.c	2007-04-11 06:11:00.000000000 -0500
@@ -259,7 +259,7 @@
 	char *compat_backend = NULL;
 	char *compat_params = NULL;
 	const char **dom_list = NULL;
-	char *alloc_backend;
+	char *alloc_backend = NULL;
 	BOOL default_already_defined = False;
 	BOOL pri_dom_is_in_list = False;
 	int compat = 0;
@@ -561,11 +561,11 @@
 	}
 
 
-	/***************************
-	 * initialize alloc module
-	 */
-	DEBUG(1, ("Initializing idmap alloc module\n"));
+	/* Initialize alloc module */
 
+	DEBUG(3, ("Initializing idmap alloc module\n"));
+
+	alloc_backend = NULL;
 	if (compat) {
 		alloc_backend = talloc_strdup(idmap_ctx, compat_backend);
 	} else {
@@ -573,37 +573,37 @@
 		
 		if (ab && (ab[0] != '\0')) {
 			alloc_backend = talloc_strdup(idmap_ctx, lp_idmap_alloc_backend());
-		} else {
-			alloc_backend = talloc_strdup(idmap_ctx, "tdb");
 		}
 	}
-	IDMAP_CHECK_ALLOC(alloc_backend);
 
-	alloc_methods = get_alloc_methods(alloc_backends, alloc_backend);
-	if ( ! alloc_methods) {
-		ret = smb_probe_module("idmap", alloc_backend);
-		if (NT_STATUS_IS_OK(ret)) {
-			alloc_methods = get_alloc_methods(alloc_backends, alloc_backend);
+	if ( alloc_backend ) {
+
+		alloc_methods = get_alloc_methods(alloc_backends, alloc_backend);
+		if ( ! alloc_methods) {
+			ret = smb_probe_module("idmap", alloc_backend);
+			if (NT_STATUS_IS_OK(ret)) {
+				alloc_methods = get_alloc_methods(alloc_backends, alloc_backend);
+			}
 		}
-	}
-	if ( alloc_methods) {
-		ret = alloc_methods->init(compat_params);
-		if ( ! NT_STATUS_IS_OK(ret)) {
-			DEBUG(0, ("idmap_init: Initialization failed for alloc "
-				  "backend %s\n", alloc_backend));
-			ret = NT_STATUS_UNSUCCESSFUL;
-			goto done;
+		if ( alloc_methods) {
+			ret = alloc_methods->init(compat_params);
+			if ( ! NT_STATUS_IS_OK(ret)) {
+				DEBUG(0, ("idmap_init: Initialization failed for alloc "
+					  "backend %s\n", alloc_backend));
+				ret = NT_STATUS_UNSUCCESSFUL;
+				goto done;
+		}
+		} else {
+			DEBUG(2, ("idmap_init: Unable to get methods for alloc backend %s\n", 
+				  alloc_backend));
+			/* certain compat backends are just readonly */
+			if ( compat )
+				ret = NT_STATUS_OK;
+			else
+				ret = NT_STATUS_UNSUCCESSFUL;
 		}
-	} else {
-		DEBUG(2, ("idmap_init: Unable to get methods for alloc backend %s\n", 
-			  alloc_backend));
-		/* certain compat backends are just readonly */
-		if ( compat )
-			ret = NT_STATUS_OK;
-		else
-			ret = NT_STATUS_UNSUCCESSFUL;
 	}
-
+	
 	/* cleanpu temporary strings */
 	TALLOC_FREE( compat_backend );
 	
@@ -633,6 +633,9 @@
 		return ret;
 	}
 
+	if ( !alloc_methods )
+		return NT_STATUS_NOT_SUPPORTED;	
+
 	id->type = ID_TYPE_UID;
 	return alloc_methods->allocate_id(id);
 }
@@ -645,6 +648,9 @@
 		return ret;
 	}
 
+	if ( !alloc_methods )
+		return NT_STATUS_NOT_SUPPORTED;	
+
 	id->type = ID_TYPE_GID;
 	return alloc_methods->allocate_id(id);
 }
@@ -657,6 +663,9 @@
 		return ret;
 	}
 
+	if ( !alloc_methods )
+		return NT_STATUS_NOT_SUPPORTED;	
+
 	id->type = ID_TYPE_UID;
 	return alloc_methods->set_id_hwm(id);
 }
@@ -669,6 +678,9 @@
 		return ret;
 	}
 
+	if ( !alloc_methods )
+		return NT_STATUS_NOT_SUPPORTED;	
+
 	id->type = ID_TYPE_GID;
 	return alloc_methods->set_id_hwm(id);
 }
@@ -1321,16 +1333,18 @@
 		return;
 	}
 
-	allid.type = ID_TYPE_UID;
-	allid.id = 0;
-	alloc_methods->get_id_hwm(&allid);
-	fprintf(dump, "USER HWM %lu\n", (unsigned long)allid.id);
-
-	allid.type = ID_TYPE_GID;
-	allid.id = 0;
-	alloc_methods->get_id_hwm(&allid);
-	fprintf(dump, "GROUP HWM %lu\n", (unsigned long)allid.id);
-
+	if ( alloc_methods ) {		
+		allid.type = ID_TYPE_UID;
+		allid.id = 0;
+		alloc_methods->get_id_hwm(&allid);
+		fprintf(dump, "USER HWM %lu\n", (unsigned long)allid.id);
+		
+		allid.type = ID_TYPE_GID;
+		allid.id = 0;
+		alloc_methods->get_id_hwm(&allid);
+		fprintf(dump, "GROUP HWM %lu\n", (unsigned long)allid.id);
+	}
+	
 	maps = talloc(idmap_ctx, struct id_map);
 	num_maps = 0;