I’ve been tinkering with this and more to understand why it’s not possible to add the samba schema anyway. Could not get it to work; I think I hit this brick wall:
network (windows) username = user1
ldap (uid) username = user1 with uidNumber = 1000
(posix) usernumber 1000 > through SSSD/nsswitch = user1@domain
Stopped tinkering after reading this, however.
Making local accounts outside LDAP does not appeal to me. But I’ll consider (mis)using this suggestion by creating “password protected” shares by introducing a (local) account (username = sharename) for each protected share.