Michal Zacek
2022-May-27 09:12 UTC
[Samba] Excessive ldap queries for root and non-existing accounts
Hello,

my setup: GPFS cluster --> CTDB cluster --> Samba (ldap(freeipa) password backend), OS Rocky 8.5

Everything works perfectly except one thing: Samba is generating millions (really) of ldap queries for root or non-existing user accounts, like that:

conn=11550522 op=4 SRCH base="dc=xyz,dc=local" scope=2 filter="(&(uid=root)(objectClass=sambaSamAccount))" attrs="uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber home..."

or

conn=11551585 op=23 SRCH base="dc=xyz,dc=local" scope=2 filter="(&(uid=mmg)(objectClass=sambaSamAccount))" attrs="uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber home..."

Some files shared by Samba are owned by root, but user "mmg" doesn't exist at all. Anyway, is there something like a negative cache for non-existing ldap users, or is it possible to "map" these users to existing ldap users?
Thanks,
Michal

Samba config:

[global]
netbios name = DATA
server string = GPFS NAS
preferred master = Yes
local master = yes
os level = 65
ldap admin dn = uid=l_cudbnd,cn=users,cn=accounts,dc=xyz,dc=local
ldap group suffix = cn=groups,cn=accounts
ldap ssl = no
ldap suffix = dc=xyz,dc=local
ldap user suffix = cn=users,cn=accounts
log level = 1 auth:2
logging = syslog
log writeable files on exit = Yes
unix extensions = No
ntlm auth = Yes
passdb backend = ldapsam:"ldap://fido1.xyz.local ldap://fido.xyz.local ldap://fido2.xyz.local ldap://fido3.xyz.local"
security = USER
fileid:fstype allow = gpfs
fileid:algorithm = fsname
force unknown acl user = yes
gpfs:leases = yes
gpfs:dfreequota = yes
gpfs:winattr = yes
gpfs:sharemodes = yes
shadow:snapdir = .snapshots
shadow:snapdirseverywhere = yes
shadow:sort = desc
idmap config * : read only = no
idmap config * : range = 10000000-299999999
idmap config * : rangesize = 1000000
idmap config * : backend = autorid
read only = No
vfs objects = shadow_copy2 gpfs fileid
store dos attributes = no
clustering = yes
min receivefile size = 16384
use sendfile = true
max smbd processes = 1000
posix locking = yes
winbind nested groups = no
winbind use default domain = no
case sensitive = Yes
guest account = nfsnobody
map to guest = Bad Password
client min protocol = NT1
server min protocol = NT1

[transfer]
path = /gpfs/gpfs01/transfer
smb encrypt = if_required
force create mode = 0777
force directory mode = 0777
create mask = 0777
directory mask = 0777
vfs objects = shadow_copy2 gpfs fileid aio_pthread full_audit
full_audit:prefix = |%u|%I
full_audit:success = renameat write pwrite mkdirat unlinkat pwrite_send
full_audit:facility = LOCAL6
full_audit:priority = INFO
oplocks = False
level2 oplocks = False
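To quantify which uids are behind the flood before tuning anything, the directory's access log can be mined for the exact sambaSamAccount lookups quoted above. The script below is an added example (not from the post or from Samba/FreeIPA): it pairs each SRCH with its RESULT by conn/op, counts lookups per uid, and reports the uids whose searches only ever return zero entries, i.e. the root/non-existing accounts the post describes. The log lines are constructed in the 389-ds access-log style; the RESULT lines and the nentries field are assumed from that format, not taken from the post.

```python
import re
from collections import Counter

# Constructed sample in 389-ds access-log style (uids "root" and "mmg" are the
# ones from the post; the RESULT lines and counts are made up for illustration).
SAMPLE_LOG = """\
conn=11550522 op=4 SRCH base="dc=xyz,dc=local" scope=2 filter="(&(uid=root)(objectClass=sambaSamAccount))" attrs="uid uidNumber"
conn=11550522 op=4 RESULT err=0 tag=101 nentries=0 etime=0.000
conn=11551585 op=23 SRCH base="dc=xyz,dc=local" scope=2 filter="(&(uid=mmg)(objectClass=sambaSamAccount))" attrs="uid uidNumber"
conn=11551585 op=23 RESULT err=0 tag=101 nentries=0 etime=0.000
conn=11551590 op=2 SRCH base="dc=xyz,dc=local" scope=2 filter="(&(uid=alice)(objectClass=sambaSamAccount))" attrs="uid uidNumber"
conn=11551590 op=2 RESULT err=0 tag=101 nentries=1 etime=0.000
conn=11551591 op=1 SRCH base="dc=xyz,dc=local" scope=2 filter="(&(uid=root)(objectClass=sambaSamAccount))" attrs="uid uidNumber"
conn=11551591 op=1 RESULT err=0 tag=101 nentries=0 etime=0.000
"""

# Only the ldapsam user lookup filter Samba issues: (&(uid=X)(objectClass=sambaSamAccount))
SRCH_RE = re.compile(
    r'conn=(?P<conn>\d+) op=(?P<op>\d+) SRCH .*?'
    r'filter="\(&\(uid=(?P<uid>[^)]+)\)\(objectClass=sambaSamAccount\)\)"')
RESULT_RE = re.compile(
    r'conn=(?P<conn>\d+) op=(?P<op>\d+) RESULT err=\d+ .*?nentries=(?P<n>\d+)')


def sambasam_lookups(lines):
    """Return {uid: (searches, empty_results)} for sambaSamAccount lookups."""
    pending = {}          # (conn, op) -> uid, waiting for the matching RESULT
    searches, empty = Counter(), Counter()
    for line in lines:
        m = SRCH_RE.search(line)
        if m:
            searches[m["uid"]] += 1
            pending[(m["conn"], m["op"])] = m["uid"]
            continue
        m = RESULT_RE.search(line)
        if m:
            uid = pending.pop((m["conn"], m["op"]), None)
            if uid is not None and m["n"] == "0":
                empty[uid] += 1   # directory has no such sambaSamAccount
    return {u: (searches[u], empty[u]) for u in searches}


def noisy_missing_users(stats, min_searches=2):
    """uids looked up at least min_searches times that never returned an entry."""
    return sorted((u for u, (s, e) in stats.items() if s >= min_searches and e == s),
                  key=lambda u: -stats[u][0])


if __name__ == "__main__":
    for uid in noisy_missing_users(sambasam_lookups(SAMPLE_LOG.splitlines()), 1):
        print(uid)
```

Run it over the real access log (for example `sambasam_lookups(open("/var/log/dirsrv/slapd-XYZ/access"))`) to see whether root and unmapped owners such as "mmg" dominate the query volume.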