Hi Holger,
Then I tried to login and failed. "Login incorrect". In my messages:
slapd[5527]: slapd starting login[4786]: pam_ldap: ldap_search_s No such object login[4786]: FAILED LOGIN 1 FROM /dev/tty1 FOR UNKNOWN, User not known to the underlying authentication module
It seems that you are using ldap to log in to your system, correct? In this case you'll also have to set it up to authenticate to your directory with a valid user. I'm not sure how Suse does this, but in Debian you'd set a binddn and bindpw containing a DN to bind to the directory with and its password, respectively, in order to allow libnss-ldap to lookup user names in the database correctly. I'd advise you to look at Suse's documentation for more information on setting this up.
If I change the last line of the ACLs to: by * read everything works fine.
Thats understandable as the system will be able to do ldap lookups anonymously. Just look at Suse's docs on how to set its pam-ldap and nss-ldap to authenticate to your ldap server.