[Samba] LDAP Idmap

Shannon Johnson sjohnson at engr.psu.edu
Thu Aug 5 20:59:44 GMT 2004


I'm having quite a bit of trouble getting an LDAP directory set up for
the idmap backend for winbind. I've been working on it for quite a
while, and haven't found any very helpful websites or anything. I've
found quite a bit on how to set up a PDC using LDAP, which would be
nice, but I already have the PDC... I just need LDAP to host UIDs and
GIDs. The things I'd like to know are:

1.	What should the rootdn, suffix, and indexes be in the
slapd.conf? I think that the rootdn needs to match what I put in the
smb.conf for the "ldap admin dn", and I'm fairly sure the suffix needs
to match the "ldap suffix" from the smb.conf... I don't have any idea
about the indexes.
2.	What needs to be in the ldif file to create the directory
properly? I've tried several that I've found online, both from the Samba
3 By Example book, and lots of forum / mailing list posts. I'm not sure
if what I've tried has been correct, but it hasn't worked yet, and this
is one part I'm not sure about.
3.	I think that once I get the first 2 things worked out, I just
set about 6 things in my smb.conf (ldap suffix, ldap admin dn, idmap
backend (which should point to ldap:ldap://127.0.0.1, if the server is
running on the same machine, right?), ldap idmap suffix, idmap uid, and
idmap gid), enter my password from the "smbpasswd -w" command, and once
I restart winbind, it should automatically start filling up the
directory, right? 
4.	Once I get the server going and filled up with UIDs and GIDs,
for the clients, am I correct in saying that I alter the smb.conf to
include the ldap suffix, ldap admin dn, idmap backend, ldap idmap
suffix, idmap uid, and idmap gid, then again enter my password via
smbpasswd -w, change /etc/nsswitch.conf to be "passwd files ldap"
instead of "passwd files winbind", and it should work?

This isn't documented very well anywhere, so I'd appreciate any hints or
suggestions anybody might have...

Shannon




