Index: passdb/pdb_ldap.c
===================================================================
--- passdb/pdb_ldap.c (revision 23014)
+++ passdb/pdb_ldap.c (working copy)
@@ -1041,11 +1041,19 @@
 * it does not exist.
 */
- if (need_update(sampass, PDB_FULLNAME))
+ if (need_update(sampass, PDB_FULLNAME)) {
 smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DISPLAY_NAME),
 pdb_get_fullname(sampass));
+ /* In case we are using EditPosix, update the gecos as well to keep win/unix consistent */
+ if (lp_parm_bool(-1, "ldapsam", "editposix", False)) {
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
+ get_userattr_key2string(ldap_state->schema_ver, "gecos"),
+ pdb_get_fullname(sampass));
+ }
+ }
+
 if (need_update(sampass, PDB_ACCTDESC))
 smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DESC),
@@ -4843,7 +4851,15 @@
 return NT_STATUS_NO_MEMORY;
 }
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
+ if (lp_parm_bool(-1, "ldapsam", "editposix use inetOrgPerson", False)) {
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "inetOrgPerson");
+ /* We must set sn as the schema requires it, but we have no way to
+ * determine if we have it or what is it, let it undefined so that
+ * admins can change it at their will later if they care */
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "sn", "UNDEFINED");
+ } else {
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
+ }
 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT);
 smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", name);
 smbldap_set_mod(&mods, LDAP_MOD_ADD, "uidNumber", uidstr);
Index: utils/net_sam.c
===================================================================
--- utils/net_sam.c (revision 23014)
+++ utils/net_sam.c (working copy)
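Review bot: In the first passdb/pdb_ldap.c hunk (@@ -1041), the added gecos update passes the string literal `"gecos"` as the second argument of `get_userattr_key2string()`, while the two neighbouring calls pass `LDAP_ATTR_DISPLAY_NAME` and `LDAP_ATTR_DESC`; if that parameter is an integer key, as those constants suggest, the lookup will not resolve to the gecos attribute. Passing the attribute name straight to `smbldap_make_mod()` looks like the intent: `smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, "gecos", pdb_get_fullname(sampass));`. Separately, the RFC 2307 schema defines gecos as an IA5String, so a full name containing non-ASCII characters may cause the directory to reject the whole modification; a comment or guard stating how such names are handled would help. The enclosing function starts and ends outside the hunk.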
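Review bot: The inetOrgPerson branch in the second passdb/pdb_ldap.c hunk (@@ -4843) is repeated verbatim in both utils/net_sam.c hunks, so the option name `"editposix use inetOrgPerson"`, the objectClass literal and the placeholder surname each exist in three copies that can drift apart. A small shared helper taking the mod list would keep them in one place, and the literal `"inetOrgPerson"` would sit better as a named constant alongside `LDAP_OBJ_ACCOUNT`. Writing `"UNDEFINED"` into `sn` gives every account created this way the same surname, which is visible to anything that searches or displays `sn`; using the account name, e.g. `smbldap_set_mod(&mods, LDAP_MOD_ADD, "sn", name);`, satisfies the schema with a value tied to the entry. The new parametric option is not documented anywhere in the visible part of the patch.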
@@ -1310,7 +1310,15 @@
 sid_compose(&sid, get_global_sam_sid(), DOMAIN_USER_RID_ADMIN);
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
+ if (lp_parm_bool(-1, "ldapsam", "editposix use inetOrgPerson", False)) {
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "inetOrgPerson");
+ /* We must set sn as the schema requires it, but we have no way to
+ * determine if we have it or what is it, let it undefined so that
+ * admins can change it at their will later if they care */
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "sn", "UNDEFINED");
+ } else {
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
+ }
 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT);
 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT);
 smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", name);
@@ -1389,7 +1397,15 @@
 goto failed;
 }
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
+ if (lp_parm_bool(-1, "ldapsam", "editposix use inetOrgPerson", False)) {
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", "inetOrgPerson");
+ /* We must set sn as the schema requires it, but we have no way to
+ * determine if we have it or what is it, let it undefined so that
+ * admins can change it at their will later if they care */
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "sn", "UNDEFINED");
+ } else {
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_ACCOUNT);
+ }
 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXACCOUNT);
 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_SAMBASAMACCOUNT);
 smbldap_set_mod(&mods, LDAP_MOD_ADD, "uid", pwd->pw_name);
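Review bot: Both utils/net_sam.c hunks switch the structural class to inetOrgPerson, but the only naming attribute visible after the new branch is `uid` (`name` in the @@ -1310 hunk, which builds the entry for `DOMAIN_USER_RID_ADMIN`, and `pwd->pw_name` in the @@ -1389 hunk). inetOrgPerson inherits from person, which requires `cn` as well as `sn`. The mod lists continue outside the hunks, so `cn` may already be added further down; if it is not, the add will fail with an object class violation once the option is enabled. A comment in the new branch naming its dependencies would make that explicit, e.g. `/* inetOrgPerson needs both cn and sn; cn is added below */`.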