security = user
passdb backend = ldapsam:ldap://ldapserver.com
ldap admin dn = cn=Directory Manager
ldap suffix = dc=ldapserver,dc=com
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
ldap password sync = yes

That tells samba to look in ldap for sambaSamAccounts. Only problem is you have to give samba the password for the administrator ldap account of “cn=Directory Manager”. You do that by running the command

smbpasswd -w my_password_in_clear_text

Only problem is some of us make complex passwords with special characters(!@#$%^&*()) in them. Since this accepts passwords on command line some of those special characters are parsed by the shell. So when I ran

net getlocalsid

I got errors like:

failed to bind to server ldap://ldapserver.com with dn="cn=Directory Manager" Error: Invalid credentials

Like I said, I bet you could fix this by escaping your special characters (ie replace $ with \$). But I needed to change my ldap directory manager password to not be the root linux password so I just removed all special characters and created a long plain-text password. I re-ran smbpasswd -w, and net getlocalsid and poof, it works!