FreeBSD, pam_ldap, samba4
I'm trying to set up user authentication on FreeBSD via an LDAP directory (Samba4).
To do this, I want to use the pam_ldap + nss_ldap combination.
ldapsearch -D "cn=administrator,cn=Users,dc=office,dc=local" -W -x -b "cn=Users,dc=office,dc=local" returns users, but getent and id return only local users, although the request does reach the LDAP server and a response with the users is generated (I checked with ngrep port 389 on the server side and with debug in nss_ldap.conf on the client side).
As I understand it, the problem is in the Samba4 schema and attribute redirection. I also found comments on the Internet that RFC 2307 is not suitable for Samba4, although the Samba4 config itself has idmap_ldb:use rfc2307 = Yes.
Which direction should I dig in?
nss_ldap.conf config:
base dc=office,dc=local
uri ldap://192.168.xxx.xxx/
ldap_version 3
binddn cn=administrator,cn=users,dc=office,dc=local
bindpw pa$$word
port 389
scope sub
timelimit 30
bind_timelimit 30
debug 1
logdir /var/log/nss
nss_connect_policy persist
nss_base_passwd cn=users,dc=office,dc=local
nss_base_group cn=users,dc=office,dc=local
nss_map_objectclass posixAccount user
nss_map_attribute uid sAMAccountName
pam_login_attribute sAMAccountName
pam_fil no
FreeBSD ipv6fbsd.ipv6.local 8.4-RELEASE FreeBSD 8.4-RELEASE
I have not touched FreeBSD myself, but I have set this up on Linux.
getent and id return only local users
ldapsearch -D "cn=administrator,cn=Users,dc=office,dc=local"
nss_base_passwd cn=users,dc=office,dc=local
nss_base_group cn=users,dc=office,dc=local
nss_base_passwd cn=Users,dc=office,dc=local
nss_base_group cn=Users,dc=office,dc=local
nss_map_objectclass posixAccount user
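Added example, not part of the question or the answer and not nss_ldap's own code: a Python check that applies the nss_map_* lines from the config above to one directory entry and lists which passwd fields remain unresolved after mapping. The sample entry is constructed, and treating uid, uidNumber and gidNumber as the attributes a passwd entry cannot do without is an assumption about nss_ldap.

```python
CONF = """\
nss_map_objectclass posixAccount user
nss_map_attribute uid sAMAccountName
"""

# Constructed sample entry: a directory user that carries no RFC 2307 attributes.
ENTRY = {
    "dn": "CN=jdoe,CN=Users,DC=office,DC=local",
    "objectClass": ["top", "person", "organizationalPerson", "user"],
    "sAMAccountName": ["jdoe"],
}

# Assumption: these are the attributes a passwd entry cannot be built without.
REQUIRED = ("uid", "uidNumber", "gidNumber")
OPTIONAL = ("homeDirectory", "loginShell", "gecos")

def parse_maps(conf_text):
    """Collect nss_map_objectclass / nss_map_attribute lines, keyed in lowercase."""
    maps = {"nss_map_objectclass": {}, "nss_map_attribute": {}}
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] in maps:
            maps[parts[0]][parts[1].lower()] = parts[2]
    return maps["nss_map_objectclass"], maps["nss_map_attribute"]

def check_entry(entry, conf_text):
    """Report whether the entry matches the mapped class and which fields are missing."""
    oc_map, at_map = parse_maps(conf_text)
    # LDAP attribute names and objectClass values compare case-insensitively.
    attrs = {k.lower(): v for k, v in entry.items()}
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    wanted = oc_map.get("posixaccount", "posixAccount")
    report = {"filter_class": wanted, "class_matches": wanted.lower() in classes,
              "missing_required": [], "missing_optional": []}
    for names, key in ((REQUIRED, "missing_required"), (OPTIONAL, "missing_optional")):
        for name in names:
            mapped = at_map.get(name.lower(), name)
            if not attrs.get(mapped.lower()):
                report[key].append(f"{name} -> {mapped}")
    report["resolvable"] = report["class_matches"] and not report["missing_required"]
    return report

if __name__ == "__main__":
    print(check_entry(ENTRY, CONF))
    # Same constructed entry with numeric IDs added.
    print(check_entry(dict(ENTRY, uidNumber=["10001"], gidNumber=["10000"]), CONF))
```

Feeding it the attributes that ldapsearch actually returns for one user shows whether the lookup fails at the object class filter or at a missing numeric ID.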