With this line in the passwords are changed on windows, but to something incoherent, probably due to an incompatible hashing. We commented out the line and now passwords are syncing in both directions.
Using fedora-ds 1.04 on RHEL5.1 talking to a 2003 AD. Passwords were syncing from the AD to the DS but not vice-versa. We use MD5 passwords, that seems to be the problem, only SSHA passwords seem to work. Our ldap.conf has this line: