
30-Mar-2007, 10:21
Ghys,
Sounds like you are making progress... I'm familiar with the "invalid credentials" message you are seeing... What's funny is that it turned out to be just that... invalid (fat-fingered) LDAP query user credentials entered into my /etc/ldap.conf file. Double-check that you have the correct Windows LDAP query username and password entered into your /etc/ldap.conf file. If that's not the problem, see below:
Try replacing this (where the Windows LDAPQUERYUSER user is expected to be in the "Users" container in AD):
binddn cn=LDAPQUERYUSER,cn=Users,dc=myplace,dc=com
With this (use the same case as with the user you created):
binddn LDAPQUERYUSER@myplace.com
Also try adding these lines to your /etc/ldap.conf in addition to the changes from above:
nss_map_attribute cn cn
pam_password md5
At this point it sounds like your SuSE machine is trying to make contact with the server but either has the wrong LDAP query username and password, or the user/pass aren't being delivered in a way that is recognizable to Active Directory. Another thing to recheck would be the /etc/krb5.conf file... ensure there are no wrapped lines in there... see below:
/etc/krb5.conf
#ensure there is no wrapping of the following lines
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 aes256-cts arcfour-hmac-md5
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 aes256-cts arcfour-hmac-md5
Also, try to su to a Windows user and then see what it says in the /var/log/messages file... you may see something like "authentication success", which would indicate that your /etc/krb5.conf file is sound and that you are truly working with an LDAP query problem instead of a Kerberos issue.
As always, good luck!
Shannon
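
The two file checks suggested in the post above, as an added example that is not part of the original post: it flags lines in krb5.conf that look like the tail of a wrapped setting and reports whether the binddn in ldap.conf is written as a full DN or in user@domain form. The sample file contents, the host name dc1.myplace.com and the function names are constructed for illustration.

```python
import re

# Constructed sample files (not taken from the poster's machine).
SAMPLE_KRB5 = """\
[libdefaults]
    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
        aes256-cts arcfour-hmac-md5
    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 aes256-cts arcfour-hmac-md5
[realms]
    MYPLACE.COM = {
        kdc = dc1.myplace.com
    }
"""
SAMPLE_LDAP = """\
binddn cn=LDAPQUERYUSER,cn=Users,dc=myplace,dc=com
bindpw not-a-real-password
nss_map_attribute cn cn
pam_password md5
"""

def find_wrapped_lines(krb5_text):
    """Return (line_no, text) for lines that look like a wrapped continuation."""
    suspects = []
    for no, raw in enumerate(krb5_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if re.fullmatch(r"\[[^\]]+\]", line) or line.startswith("}"):
            continue                      # section header or end of a block
        if line.split()[0] in ("include", "includedir", "module"):
            continue                      # directives that carry no '='
        if "=" not in line:               # every setting is 'name = value'
            suspects.append((no, line))
    return suspects

def binddn_form(ldap_text):
    """Classify the binddn value: 'dn', 'upn', 'unrecognized' or 'missing'."""
    for raw in ldap_text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "binddn":
            value = parts[1].strip()
            if re.fullmatch(r"[^@\s=,]+@[^@\s=,]+", value):
                return "upn"              # LDAPQUERYUSER@myplace.com style
            if re.fullmatch(r"[a-z]+=[^,]+(,\s*[a-z]+=[^,]+)+", value, re.I):
                return "dn"               # cn=...,cn=Users,dc=... style
            return "unrecognized"
    return "missing"

if __name__ == "__main__":
    for no, text in find_wrapped_lines(SAMPLE_KRB5):
        print(f"krb5.conf line {no} looks wrapped: {text!r}")
    print("binddn form:", binddn_form(SAMPLE_LDAP))
```

To check a real machine, pass the contents of /etc/krb5.conf and /etc/ldap.conf to the two functions instead of the samples.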