When running Samba as a PDC with an LDAP backend (used for Linux authentication 
also), creating a new group with Microsoft's User Manager for Domain's (NT 
version) fails.  When attempting to add a group, Windows returns an error 
message "Group name cannot be found."

After tracing through LDAP and Samba debug logs, I saw that the group actually 
gets created and is then deleted.  The group is created through a perl script 
specified in smb.conf.  This script exits with a 0 status and the gidNumber of 
the group.  The group then gets mapped correctly.

After this, the "ldapsam_update_group_mapping_entry" function in 
passdb/pdb_ldap.c is called with a null mods list.  Because this list is null, 
the function returns NTStatus code "NT_STATUS_UNSUCCESSFUL" and prints a debug 
message "ldapsam_update_group_mapping_entry: mods is empty: nothing to do\n".  
Upon receiving this status, User Manager issues the command to delete the 
group, which is completed successfully, and then displays the error message.

As a temporary solution, I simply changed the NT_STATUS_UNSUCCESSFUL return 
status to an "NT_STATUS_OK" when "ldapsam_update_group_mapping_entry" is called 
with null mods.  This has worked perfectly for me, but I am unaware of any 
negative side effects this may cause.