I have a case where several Linux machines, all of them fetching information about users and groups from an AD domain via winbind, share home directories via an NFS export from a Linux server. Therefore, I need consistent uid/gid mapping among all machines. I tried to implement idmap storage via LDAP following Chapter 13 in the official howto.
To me, http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2573773 ("IDMAP Storage in LDAP Using Winbind") seems plain wrong. It talks about using nss_ldap to fetch uid/gid information, but with the setup described in that section, no uid/gid information is stored in LDAP. Instead, only the mapping between SID and uid/gid is stored, just as in the case where a local .tdb is used as winbind idmap backend.
The same goes for the following section, "IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension".
To me, it seems like all information about nss_ldap should be removed. Instead, you should use nss_winbind to fetch the required information.
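As an added illustration of the setup the post argues for (not configuration from the howto or from the poster), here is an smb.conf fragment for each Linux client: winbind joins the AD domain, stores the SID-to-uid/gid mapping in a shared LDAP directory via the idmap_ldap backend so that every machine allocates and reads the same mapping, and user/group information itself is served by nss_winbind rather than nss_ldap. The domain name, LDAP host, base DN, bind DN and id range are placeholders and must be adapted.

```ini
[global]
   # Placeholder AD domain names; replace with your own.
   workgroup = EXAMPLEDOM
   realm = EXAMPLEDOM.LOCAL
   security = ads

   # Default (catch-all) idmap domain: the shared LDAP directory holds the
   # SID <-> uid/gid mapping, so every client that points here sees the same
   # numeric ids. Only the mapping is stored in LDAP, not full account data.
   idmap config * : backend = ldap
   idmap config * : range = 10000-99999
   idmap config * : ldap_url = ldap://idmap-ldap.example.local
   idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=local
   idmap config * : ldap_user_dn = cn=idmap,dc=example,dc=local
   # The bind password is not kept in smb.conf; store it once with:
   #   net idmap set secret '*' 'password'   (placeholder password)

   # Account and group lookups go through winbind (nss_winbind),
   # which is what resolves names for the ids taken from the LDAP idmap.
   winbind enum users = no
   winbind enum groups = no
   winbind use default domain = yes
   template shell = /bin/bash
   template homedir = /home/%U
```

With this in place, /etc/nsswitch.conf on each client lists `winbind` after `files` for the `passwd` and `group` databases, and nothing there refers to `ldap`. A quick consistency check across hosts is to run `wbinfo --name-to-sid` followed by `wbinfo --sid-to-uid` for the same account on two machines and confirm both report the same uid; if they differ, the hosts are not sharing the same idmap store and files on the NFS export will show up with mismatched ownership.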
The howto has been unmaintained for a long time and is removed from Samba these days. The man pages and the wiki contain more up-to-date information.