In 2011 'ipasam' was created, so 'IPA_ldapsam' has not been in use for at
least five years. Over these five years the FreeIPA team managed to handle
whatever changes the passdb interface went through, so it is not a big
burden to maintain it out of the Samba tree.

Simo and I have a plan to change how FreeIPA clients running SSSD and
Samba at the same time should be handled, and the approach would
definitely be different from what is currently in the unused pdb_ipa.c. We
want to make sure Samba on such a client would always talk to its DC (IPA
master) for NTLMSSP authentication and re-use the existing Kerberos host
principal keys as its machine account creds. It wouldn't know the clear text
password for the machine account but it shouldn't need that at all,
the Kerberos key would be enough. IDMAP parts are already handled by an
idmap plugin provided by SSSD. It doesn't yet handle group mapping and
local security authority parts but this is planned too.

So in the end a Samba member in a FreeIPA domain would not require a passdb
module that talks directly to LDAP.