Hi tarballedtux!
I just searched for another issue and found your posting...
After some work, I got Samba and LDAP up and running. In my opinion, the most important thing is to go into the LDAP-structures. Managing user accounts or whatever by hand is hard work, and most tools, I found, work pretty good, as long, as I knew, what they should do. Treated as black box, I got only chaos...
The best docs, I found (at least best for me ;-) were
http://www.openldap.org/doc/admin21/
man slapd.conf (with lacking ACL's)
man ldap.conf
and some docs from a debian page. I have the links at work, so I can post them not before monday... If you are still interested.
But much more importtant is a tool, that visualizes your LDAP-database content. I installed the LDAPExplorer, a set of PHP-Scripts, and could finally see, where I just wondered before ;-)
Most problems, I had, were produced by misconfigured LDAP tools (Group/User base dn, correct objectclasses (sambaAccount, posicAccount AND shadowAcocunt), and so on). Nothing to extract a step-by-step advice :-(
If LDAP is configured and filled well, samba needs only the few "please use ldap"-options in smb.conf to work properly.
Hmmm. Long writing, not so much facts...
I can only hope, it points in the right direction ;-)
Good luck,
Clemens von Musil
P.S: If you can use a http-based tool to manage your LDAP-authentication against all security considerations, don't miss a look on webmin...