Hi, once I have upgraded my samba installation two weeks ago,
I noticed that ldap passwd sync = yes doesn't work.
Samba does not update userPassword attribute in LDAP database.
One can update it calling smbldap-passwd or ldappasswd,
both work just fine. So definitely permissions are OK.
And it was working before, I am sure.
Let me know if any extra feedback or testing is needed.
I noticed that samba complains about not being able to find rootDSE,
and than requesting the password update non-supported by the LDAP server.
So, I realized, that I need to make my rootDSE on LDAP accessible.
Though, it is strange, since samba binds to ldap using superuser
Solved by adding to slapd.conf:
access to dn.exact=""
by self write
by users read
by * auth