samba - Jun 2011 - idmap backend defaults to tdb... but doesn't have entries for '*'...

I think this is one of my config problems.

my tdb map backend is the default tdb with manually setup accounts after
provisioning a new db to get the builtins.   

While it works for my domain, if some app requests '*' group/user
enumeration (an app running on a domain-client (machine joined, logged
w/domain account), it gets 'no such domain'...  But for a machine in my
domain, to the pdc, the domain would be assumed, so '*' (I think) would
make sense.

So why isn't '*' picking up my domain?

FWIW, I spent way too much time on keyboard yesterday and wrists are sore
(first time in months)...but then also in trying to fix the mappings --
since the log message about *, said 'no range defined', I tried defining
a
range.    It took me a while to realize how many things broke -- not sure
if it took a while to overwrite the correct passdb.tdb or what...but by
the end of the day I was chasing wild geese -- due to a corrupted
database.

I restored to the morning's backup and was back up, but waisted several
hours trying to fix the '*' requires range error message in the log.  So
why isn't * picking up the domain entries that it is running as the PDC
for?