Hi,

Using Debian stable amd64 with samba 4.7 self-compiled, I noticed that we can get strange data in LDAP with "samba-tool group add" and a very high gidNumber:

# this is correct
# samba-tool group add group-test13 --gid-number=2000000000 --nis-domain=mydomain
Added group group-test13
# ldbsearch -H /usr/local/samba/private/sam.ldb CN="group-test13"
…
# gidNumber: 2000000000
…

# this is not correct
# samba-tool group add group-test14 --gid-number=3000000000 --nis-domain=mydomain
Added group group-test14
# ldbsearch -H /usr/local/samba/private/sam.ldb CN="group-test14"
…
gidNumber: -1294967296
…


I am probably using a GID that is way to high, but it would be nice if the tool could avoid getting strange values in LDAP. On the Microsoft side, it seems there is no theoretical limit: https://msdn.microsoft.com/en-us/library/ms675718(v=vs.85).aspx

Regards,
Yvan