Hi, once I have upgraded my samba installation two weeks ago, I noticed that ldap passwd sync = yes doesn't work. Samba does not update userPassword attribute in LDAP database. One can update it calling smbldap-passwd or ldappasswd, both work just fine. So definitely permissions are OK. And it was working before, I am sure. Let me know if any extra feedback or testing is needed. Thanks
I noticed that samba complains about not being able to find rootDSE, and than requesting the password update non-supported by the LDAP server. So, I realized, that I need to make my rootDSE on LDAP accessible. Though, it is strange, since samba binds to ldap using superuser credentials. Solved by adding to slapd.conf: access to dn.exact="" by self write by users read by * auth