Samba: read-only LDAP + additional local users
Solution 1:
The password back end being discussed here is in reference to the local storage of Samba user passwords. For users that are setup as local Samba users, their passwords can be stored in a variety of fashions (tdbsam, ldapsam, smbpasswd, etc).
The LDAPSam backend is used if/when you have a local directory server running and wish to store Samba user passwords to it, as opposed to a TDB or flat file. Since you mentioned "you have access to a read only LDAP" I presume this LDAP service isn't running locally, and instead you want to authenticate users against an LDAP, where there user account information is already stored? There's a subtle difference between two. One is "Which back end should I use to store local account information" and the other is "where should I go to authenticate users?"
If that's the case, what I think you're looking for are the authentication models Samba utilizes, primarily, the User, Domain, and ADS models (google "Samba security modes"). You'll probably be most interested in the Domain/ADS models, which allow you to hook into ActiveDirecory or LDAP services to authenticate user accounts to access Samba shares.
For users that are not in the LDAP service your option may be simple local Samba user accounts, which will then be stored - going back to the previous mention of back ends - in whatever back end you've selected :)
If you'll be using Samba a lot, I might recommend going out and grabbing something like an O'Reilly guide. The most commonly referenced Samba documentation out there is the "SAMBA-3-HOWTO." While it's a great reference, it's very easy to find yourself with dated information, which can lead to much longer periods of troubleshooting.