When running Samba as a PDC with an LDAP backend (used for Linux authentication also), creating a new group with Microsoft's User Manager for Domain's (NT version) fails. When attempting to add a group, Windows returns an error message "Group name cannot be found." After tracing through LDAP and Samba debug logs, I saw that the group actually gets created and is then deleted. The group is created through a perl script specified in smb.conf. This script exits with a 0 status and the gidNumber of the group. The group then gets mapped correctly. After this, the "ldapsam_update_group_mapping_entry" function in passdb/pdb_ldap.c is called with a null mods list. Because this list is null, the function returns NTStatus code "NT_STATUS_UNSUCCESSFUL" and prints a debug message "ldapsam_update_group_mapping_entry: mods is empty: nothing to do\n". Upon receiving this status, User Manager issues the command to delete the group, which is completed successfully, and then displays the error message. As a temporary solution, I simply changed the NT_STATUS_UNSUCCESSFUL return status to an "NT_STATUS_OK" when "ldapsam_update_group_mapping_entry" is called with null mods. This has worked perfectly for me, but I am unaware of any negative side effects this may cause.
I think this has since been fixed in 3.0.2a
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
database cleanup