I am running Samba on OES 1 SP2 and it is working fine. However I am
repeatedly get intruder detection lockouts on the admin user that was
configured during the install. I'd like to use a different user for this
to make troubleshooting these lockouts easier and I'd also like to limit
the rights required by this user to the bare minimum. The user is
referenced as shown below in the smb.conf configuration file and when you
administer Samba from the YaST2 GUI it is visible there too.

#Replaced by OES Install:
passdb backend = NDS_ldapsam:ldaps:// smbpasswd
# Replaced by OES Install:
ldap admin dn = cn=admin,o=mycompany

What are the absolute bare minimum rights required by this user in order
for Samba to be functional? Can Samba operate if this user only has Read
rights to the Samba-specific attributes in eDirectory? Are any Write
rights required?

Sorry if this is documented somewhere, I did look but I couldn't find