When restoring a idmap dump taken from a .tdb after reconfiguring winbind to use LDAP as backend, using 'net idmap restore', the following warning messages are shown: ignoring invalid line [USER HWM 10002] ignoring invalid line [GROUP HWM 10008] USER HWM: 10000 GROUP HWM: 10000 This might not look like a problem, but unfortunately, the uidNumber and gidNumber values written to the object with object class sambaUnixIdPool are not correct - they are set to the values set in smb.conf, not to the highest values that exist in the database after the 'net idmap restore'. As winbind, at least not in my experiments, verify that uidNumbers and gidNumbers assigned to new SIDs already exist, but instead blindly accepts the values from the sambaUnixIdPool object, the above behaviour causes duplicate uidNumber/gidNumbers after a restore from .tdb to LDAP.
Problem still in 3.0.24 compiled from sources downloaded from samba.org. See also: http://comments.gmane.org/gmane.network.samba.general/87502