samba - Nov 2011 - move to Idmap with ldap

I have a functioning samba & ldap setup.  I'm using smbldap-tools and I
want
to move to using Idmap as a backend.

Currently Ldap looks like:

dc=domain,dc=org
+--ou=Computers,dc=domain,dc=org
-- --uid=name$,ou=Computers,dc=domain,dc=org

+--ou=Groups,dc=domain,dc=org
-- --cn=group,ou=Groups,dc=domain,dc=org

+--ou=Idmap,dc=domain,dc=org

+--ou=Users,dc=domain,dc=org
-- --uid=name,ou=Users,dc=domain,dc=org

Currently Idmap is empty, and all the other entries hold computer accounts, 
user accounts and group listings as expected.

I have all the built in accounts in Users and Groups.
Looking at the configs on the samba wiki for Idmap, it doesn't look like I 
have to do much to move over.

What goes in the Idmap container? do I have to move the users, computer and 
groups under that entry?  Do new users get created within that container?

I couldn't find a howto for specifically what I'm looking for.

Any advice would be great, thanks.

From: Caleb O'Connell <caleb at privacyassociation.org>
Date: Thu, 10 Nov 2011 12:59:47 -0500
> I have a functioning samba & ldap setup.  I'm using smbldap-tools
and I want
> to move to using Idmap as a backend.
(snip)
> Currently Idmap is empty, and all the other entries hold computer accounts,
> user accounts and group listings as expected.
If you are building Samba as PDC, Idmap is never used unless you use
ldapsam:editposix (with Winbind) instead of smbldap-tools.

---
TAKAHASHI Motonobu <monyo at samba.gr.jp>