Hi
@Agent86: Your assessment of LDAP/Server-Manager is correct:
LDAP / Server-Manager
================
The Server-Manager is used to manage (most) aspects of SME server. In this sense, the Server-Manager can create/modify/delete accounts on the server.
Accounts created on the server get an automatically created account in MySQL for any settings in Horde.
Any account also gets an entry in the LDAP system, which is used for Address-Book functions in Horde only. SME doesn't use LDAP for anything else, AFAIK.
This means that the entries in LDAP do not show up in Server-Manager, only the corresponding entries in the local files which are created/modified at the same time as SME creates the LDAP entries. This is a technicality, really...
But: SME does provide you with the LDAP infrastructure.
Your added addresses and such will show up in any mail client pointing to the right OU (Check the server-manager page for the right OU...), but they will not show up in Server-Manager because:
- The Server-Manager doesn't query LDAP for display (It's write-only...)
- The Server-Manager isn't built to manage addresses, but accounts.
LDAP Rights
========
LDAP permissions can be really fine-grained. If needed, you could even set attributes on almost any part of the info.
Say allowing an authenticated user to view the whole name and e-mail only, but not the telephone number, not even first and last names...
LDAP also allows you to set permissions based on IP, Domain-Names, Users, Groups - almost anything needed. But there are several books' worth of information on permissions and rights in an LDAP system. Basically most info on M$ Active-Directory and/or Novell's eDirectory (NDS) is also valid, at least as far as permissions and rights are concerned, because all mentioned products are based on LDAP V3.
YMMV
Andy Wismer
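
The attribute-level restriction described in the post above, written as access rules for an OpenLDAP `slapd.conf` (an added example, not part of the original post; the server type, the `dc=example,dc=com` suffix, the `ou=Users` branch and the subnet are assumptions):

```conf
# Constructed example: suffix, branch name and subnet are placeholders.
# slapd uses the first "access to" clause that matches the target,
# then the first "by" clause that matches the requester, so the
# specific attribute rules must come before the catch-all.

# Passwords: owner may change them, anonymous may only bind with them.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Phone number and the separate first/last name fields: owner only.
access to dn.subtree="ou=Users,dc=example,dc=com" attrs=telephoneNumber,givenName,sn
    by self write
    by * none

# Whole name and e-mail: authenticated users, and only when they
# connect from the local subnet (both conditions in one "by" must hold).
access to dn.subtree="ou=Users,dc=example,dc=com" attrs=cn,mail
    by self write
    by users peername.ip=192.168.1.0%255.255.255.0 read
    by * none

# Everything else, including the "entry" pseudo-attribute needed to
# see an entry at all: authenticated users read, anonymous bind only.
access to *
    by users read
    by anonymous auth
    by * none
```

A quick check is to bind as an ordinary user, search for another user's entry, and confirm that only `cn` and `mail` come back.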