--- /usr/lib/univention-directory-listener/system/samba4-idmap.py	2016-10-28 17:18:04.000000000 +0200
+++ /tmp/samba4-idmap.py	2015-11-24 21:57:00.972000000 +0100
@@ -43,6 +43,7 @@
 from samba.idmap import IDmapDB
 from samba.auth import system_session
 from samba.param import LoadParm
+from samba.provision import setup_idmapdb
 
 name = 'samba4-idmap'
 description = 'Update local IDmap entries'
@@ -94,19 +95,28 @@
 
 __SPECIAL_SIDS = set(__SPECIAL_ACCOUNT_SIDS.values())
 
+__IDMAP = None
+
 
 def open_idmap():
+	if __IDMAP:
+		return __IDMAP
+
 	global lp
+
+	idmap_ldb = '/var/lib/samba/private/idmap.ldb'
 	listener.setuid(0)
 	try:
-		idmap = IDmapDB('/var/lib/samba/private/idmap.ldb', session_info=system_session(), lp=lp)
+		if not os.path.exists(idmap_ldb):
+			setup_idmapdb(idmap_ldb, session_info=system_session(), lp=lp)
+		__IDMAP = IDmapDB(idmap_ldb, session_info=system_session(), lp=lp)
 	except ldb.LdbError:
 		univention.debug.debug(univention.debug.LISTENER, univention.debug.ERROR, "%s: /var/lib/samba/private/idmap.ldb could not be opened" % name)
 		raise
 	finally:
 		listener.unsetuid()
 
-	return idmap
+	return __IDMAP
 
 
 def rename_or_modify_idmap_entry(old_sambaSID, new_sambaSID, xidNumber, type_string, idmap=None):
@@ -235,6 +245,7 @@
 			idmap_ldb_backup = '%s_%d' % (idmap_ldb, time.time())
 			univention.debug.debug(univention.debug.LISTENER, univention.debug.PROCESS, 'Move %s to %s' % (idmap_ldb, idmap_ldb_backup))
 			os.rename(idmap_ldb, idmap_ldb_backup)
+			setup_idmapdb(idmap_ldb, session_info=system_session(), lp=lp)
 		finally:
 			listener.unsetuid()