The idmap parameters specified below for the different domains mean that all users and groups should be mapped into these name spaces. In other words, all UIDs and GIDs for the accounts should be within the specified ranges. Use getent passwd and getent group to verify which users and groups belong to which domain.

idmap domains                            = BUILTIN LOCAL GENOMICS FOREIGN

# Dealing with LOCAL stuff
idmap config LOCAL:backend               = tdb
idmap config LOCAL:default               = no
idmap config LOCAL:readonly              = no
idmap config LOCAL:range                 = 0-499

# Dealing with BUILTIN stuff
idmap config BUILTIN:backend             = tdb
idmap config BUILTIN:default             = no
idmap config BUILTIN:readonly            = no
idmap config BUILTIN:range               = 500-999

# Dealing with foreign domains
idmap config FOREIGN:backend             = ldap
idmap config FOREIGN:default             = yes
idmap config FOREIGN:readonly            = no
idmap config FOREIGN:ldap_base_dn        = ou=idmap,dc=example,dc=com
idmap config FOREIGN:ldap_url            = ldap://ldap01.example.com/
idmap config FOREIGN:ldap_user_dn        = cn=manager,dc=example,dc=com
idmap config FOREIGN:range               = 66000-99999

# Dealing with our own domain
idmap config EXAMPLE:backend            = ldap
idmap config EXAMPLE:default            = no
idmap config EXAMPLE:readonly           = yes
idmap config EXAMPLE:ldap_url           = ldap://ldap01.example.com/

Set the password for the FOREIGN domain's ldap_user_dn by using:

net idmap secret FOREIGN password
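
The range check described in the first paragraph, as an added example that is not part of the original page: it reads getent passwd or getent group output and labels each record with the idmap domain whose range contains its ID. The function names and the sample records are constructed for illustration; the ranges are the ones configured above, and because EXAMPLE has no range there, IDs outside all three ranges are reported as UNMAPPED.

```shell
#!/bin/sh
# Added example: classify getent-style records by the idmap ranges on this page.

# classify_ids: read passwd- or group-format lines on stdin (the UID or GID is
# field 3 in both formats) and print "<domain> <name> <id>" for each record.
classify_ids() {
    awk -F: '
        /^[ \t]*$/ { next }                      # skip blank lines
        $3 !~ /^[0-9]+$/ { print "INVALID", $1, $3; next }
        {
            id = $3 + 0
            if      (id <= 499)                   dom = "LOCAL"     # 0-499
            else if (id >= 500   && id <= 999)    dom = "BUILTIN"   # 500-999
            else if (id >= 66000 && id <= 99999)  dom = "FOREIGN"   # 66000-99999
            else                                  dom = "UNMAPPED"  # no range covers it
            print dom, $1, id
        }'
}

# count_unmapped: number of records that fall outside every configured range
# (or whose ID field is not numeric). Non-zero means the mapping needs review.
count_unmapped() {
    classify_ids |
        awk '$1 == "UNMAPPED" || $1 == "INVALID" { n++ } END { print n + 0 }'
}

# Constructed sample input in getent passwd format (not real accounts).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
svc_backup:x:498:498::/var/backup:/sbin/nologin
FOREIGN\alice:*:66012:66001:Alice:/home/FOREIGN/alice:/bin/bash
EXAMPLE\bob:*:20045:20001:Bob:/home/EXAMPLE/bob:/bin/bash
EOF
}

# On a live host:  getent passwd | classify_ids ;  getent group | classify_ids
# Offline demo with the constructed records:  sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample_passwd | classify_ids
fi
```

Records labelled UNMAPPED are the ones to investigate: no configured range covers their ID.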