[Samba] LDAPSam + Samba 3 Alpha 20

Geoffrey Antos geoffrey at andrews.edu
Sat Nov 16 01:44:01 GMT 2002


I'm wondering what the samba server needs write access to, in LDAP, to 
operate.
I've got the following lines in slapd.conf:
#--
#Samba Passwords -- Only Samba (and its authenticated users) can access this.
#Also includes flags -- Use smbpasswd for everything:
access to attr=lmPassword,ntPassword,rid,acctFlags,pwdLastSet,logonTime,logoffTime,kickoffTime,pwdCanChange,pwdMustChange,homeDrive,scriptPath,profilePath,userWorkstations,smbHome,domain
        by dn="uid=SambaServer,ou=Servers,dc=domain,dc=com" write
        by dn=".*,ou=Administrators,ou=Users,dc=domain,dc=com" write
        by * none

#Posix Account info -- only admins can change.
#They are not too valuable, plus nss_ldap problems. Let all read:
access to attr=uid,uidNumber,gidNumber,homeDirectory
        by dn="uid=SambaServer,ou=Servers,dc=domain,dc=com" write
        by dn=".*,ou=Administrators,ou=Users,dc=domain,dc=com" write
        by * read
#--

However, when I run smbpasswd I get an insufficient access error.
smbpasswd -D 255 reports:
--
ldapsam_open_connection: ldap://localhost
ldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server as 
"uid=SambaServer,ou=Servers,dc=domain,dc=edu"
ldap_connect_system: succesful connection to the LDAP server
ldapsam_search_one_user: searching for:[uid=testuser]
Setting entry for user: testuser
failed to modify user with uid = testuser with: Insufficient access

failed to modify user with uid = testuser
Failed to modify entry for user testuser.
Failed to modify password entry for user testuser
--

What else does Samba need permission to access?
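
Added example, not part of the original post: a small evaluator for the two "access to attr=" clauses quoted above, modelling slapd's first-match rule and the implicit trailing deny described in OpenLDAP's access-control documentation, to show what a given bind DN may do with each attribute. It assumes the dn="..." values are unanchored regular expressions (as the ".*" pattern in the post implies); objectClass in the sample list is a constructed input, not something the post says Samba writes.

```python
import re

# The two clauses from the post's slapd.conf, copied verbatim.
SLAPD_ACL = '''
access to attr=lmPassword,ntPassword,rid,acctFlags,pwdLastSet,logonTime,logoffTime,kickoffTime,pwdCanChange,pwdMustChange,homeDrive,scriptPath,profilePath,userWorkstations,smbHome,domain
        by dn="uid=SambaServer,ou=Servers,dc=domain,dc=com" write
        by dn=".*,ou=Administrators,ou=Users,dc=domain,dc=com" write
        by * none
access to attr=uid,uidNumber,gidNumber,homeDirectory
        by dn="uid=SambaServer,ou=Servers,dc=domain,dc=com" write
        by dn=".*,ou=Administrators,ou=Users,dc=domain,dc=com" write
        by * read
'''

BY_RE = re.compile(r'by\s+(?:dn="([^"]*)"|\*)\s+(\w+)')

def parse_acl(text):
    """Return [(lowercased attribute set, [(dn_regex or None for '*', level)])]."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("access to attr="):
            attrs = {a.lower() for a in line[len("access to attr="):].split(",")}
            rules.append((attrs, []))
        elif line.startswith("by ") and rules:
            m = BY_RE.match(line)
            rules[-1][1].append((m.group(1), m.group(2)))
    return rules

def access_for(rules, bind_dn, attr):
    """First clause naming the attribute wins; inside it, first matching 'by' wins."""
    for attrs, clauses in rules:
        if attr.lower() in attrs:
            for dn_regex, level in clauses:
                if dn_regex is None or re.search(dn_regex, bind_dn, re.I):
                    return level
            return "none"   # modelled implicit "by * none" closing a clause
    return "none"           # modelled implicit "access to * by * none"

def report(bind_dn, attrs):
    rules = parse_acl(SLAPD_ACL)
    return {a: access_for(rules, bind_dn, a) for a in attrs}

if __name__ == "__main__":
    sample = ["ntPassword", "uid", "objectClass"]  # constructed attribute list
    for dn in ("uid=SambaServer,ou=Servers,dc=domain,dc=edu",   # DN in the debug log
               "uid=SambaServer,ou=Servers,dc=domain,dc=com"):  # DN in the ACL
        print(dn, report(dn, sample))
```

The two DNs in the sample run are taken as written in the post: the ACL names dc=domain,dc=com, while the smbpasswd debug output shows a bind as dc=domain,dc=edu. Any attribute not listed in either clause evaluates to "none" for every DN under this model.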


