The LDAP implementation should support an "auto increment" function when creating the UNIX attribute uidNumber. It takes some system resources for a client to scan for the next free uidNumber.
I agree. Not only is finding a valid uidNumber difficult, it is unsafe against a racing process elsewhere. The basic plan is that we should allow Samba to run in a mode where this is allocated, either on a single FSMO master (just as posixTrustOffset is meant to be) when the object is replicated there, or to use an algorithmic approach. The challenge is that all the options suck, and none are good defaults, but I wrote a little of my thoughts here: https://lists.samba.org/archive/samba-technical/2015-June/108027.html The thread is very much worth a read. What we need now is some implementation so we can see how it works in reality.
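The race mentioned in the reply above, as an added example that is not part of the original thread and is not Samba code: two clients that each scan for the next free uidNumber end up sharing one, while allocation at a single point does not. The `Directory` class, its methods and the starting value 10000 are hypothetical stand-ins for a directory server.

```python
import threading

class Directory:
    """Constructed in-memory stand-in for an LDAP directory (hypothetical)."""
    def __init__(self, first_uid=10000):
        self.entries = {}              # dn -> uidNumber
        self.first_uid = first_uid
        self._next = first_uid         # counter owned by the single allocator
        self._lock = threading.Lock()

    def scan_next_free(self):
        # Client-side approach: walk every entry and take max + 1.
        return max(self.entries.values(), default=self.first_uid - 1) + 1

    def add(self, dn, uid_number):
        # The directory does not enforce uniqueness of uidNumber.
        self.entries[dn] = uid_number

    def add_auto(self, dn):
        # Single-master approach: the number is assigned where the entry lands.
        with self._lock:
            uid = self._next
            self._next += 1
            self.entries[dn] = uid
            return uid

def duplicates(directory):
    """Return uidNumbers held by more than one entry."""
    seen, dups = set(), set()
    for uid in directory.entries.values():
        (dups if uid in seen else seen).add(uid)
    return sorted(dups)

def racy_clients():
    d = Directory()
    d.add("cn=existing", 10000)
    a = d.scan_next_free()             # client A scans
    b = d.scan_next_free()             # client B scans before A has written
    d.add("cn=alice", a)
    d.add("cn=bob", b)                 # same uidNumber as alice
    return d

def master_allocated(n_threads=8, per_thread=50):
    d = Directory()
    def worker(t):
        for i in range(per_thread):
            d.add_auto(f"cn=user{t}-{i}")
    threads = [threading.Thread(target=worker, args=(t,)) for t in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return d
```

Two accounts with the same uidNumber are the same user to the filesystem, which is why the collision matters beyond tidiness.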