Joseska,
I suggest a snapin would be a better place to add the computer to a group in LDAP. Assuming the computer is a Windows computer and you want to add that computer to the Samba emulation of Active Directory and assuming Samba emulates AD such that Windows PCs can find the Samba system(s) like they would a real Microsoft Domain Controller, a CMD command would do the trick. I’ve used commands like this below to put domain groups into local computer groups. This command, run as a snapin on a PC in a domain, will add a domain group to a local computer group - giving users in the domain group rights on the PC:
net localgroup administrators DomainName\DomainGroupName
I also believe you can add an AD computer object to a domain group with the same command. It’s abnormal to place a computer object in a domain, but I’ve used this approach to allow services on a specific PC to access network resources without having to place an AD account on a service. The down side of doing this is that all services on that computer have the same access rights, not just the service you intend to have those rights.
I believe this command will add a computer to an AD group:
net group DomainGroupName computername$ /add /domain
I don’t know if your LDAP/SAMBA/AD supports Group Policy Objects, but actions that need to be taken on machines just after they join a domain (so they work correctly for future users) are typically done in Startup Scripts inside a GPO applied to the OU to which the Machines are joined.
Hope this helps.
Jim
