diff -up source3/lib/smbldap.c.orig source3/lib/smbldap.c
--- source3/lib/smbldap.c.orig	2009-09-09 07:40:43.000000000 -0500
+++ source3/lib/smbldap.c	2009-09-15 00:55:47.000000000 -0500
@@ -523,6 +523,8 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
 {
 	char oldval[2048]; /* current largest allowed value is mungeddial */
 	bool existed;
+	bool disset= False;
+	bool disname = False;
 
 	if (attribute == NULL) {
 		/* This can actually happen for ldapsam_compat where we for
@@ -530,6 +532,21 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
 		return;
 	}
 
+	if ( !(StrnCaseCmp( attribute , "displayname", strlen("displayname")))) {
+		disname = true;
+		DEBUG(10,("Attribute displayName passed to smbldap_make_mod()\n"));
+	}
+	if ( !(lp_parm_bool(-1, "ldapsam", "displayNameCanWrite", true))) {
+		disset = true;
+		DEBUG(10,("Attribute ldapsam:displayNameCanWrite = false\n"));
+	}
+	if ( disname && disset ) {
+		/* attribute is 'displayname' and ldapsam:displayNameCanWrite = false so bail out. */
+		DEBUG(10,("smbldap_make_mod(): ldapsam:displayNameCanWrite is false, and display name update requested\n"));
+		DEBUG(10, ("Attribute displayName change therefore ignored.\n"));
+		return;
+	}
+
 	if (existing != NULL) {
 		existed = smbldap_get_single_attribute(ldap_struct, existing, attribute, oldval, sizeof(oldval));
 	} else {