@Pi-L

Sorry for the late response.
But my system is in full productivity.
So I have to wait for the right moment to test your tip.

Now I get the right sambaSID.

How:

stop my ldap server.
set authentication to internal ldap.
shutdown the storage
plugging to another eth interface
start storage to negotiate a new sid in network
create a user in internal ldap
run ldapsearch command

ldapsearch -x -h DSS_IP -b dc=server,dc=nas -D cn=admin,dc=server,dc=nas -w secret objectclass=*

copy user entries
correct entries for my ldap
correct sid: user_sid = domain_sid+rid / rid=2*uid + 1000
put sambaDomain objectclass entry in my ldap
put user in my ldap
set authentication to external ldap.
add user to users share access
and can access my shares.

last question on moderators.
how to mark this thread as solved?

thanks
marshauzer