Thank you for fast reply and good explanation.
In our case we have several NAS which are connected with UCS4 server through connection to AD compatible service. Also we have much of git repositories. For that we use GitBlit and it is using UCS as an usual LDAP server.
Sometimes we need to provide access to these repositories for our clients. But we do not want that accounts of clients were visible in NAS devices.
That is why we need a possibility to create users without "Samba account".
So we try divide connecting of our internal services to UCS4. Ones are using it as ActiveDirectory server, others as a OpenLDAP server. We thought that we can use user templates for creating users which will be domain users and all the rest, and which will be only LDAP users.
We can create LDAP only users manually via web UI by disabling such options like "Samba" or "Kerberos". But we cannot do that using templates, don't we?