
Basedn

If you have a domain name that you legally own, use it, broken up into dc components, as your basedn. For example, if example.com is your domain, your basedn is "dc=example,dc=com". Windows Active Directory uses this convention. One advantage of this convention is that it makes it easy to guess what your basedn will be, and to do referrals.

Configuration

Keep schemacheck on, you'll save yourself some headaches in the future.

Example tree

dc=example,dc=com
    ou=Users
        uid=perry
        uid=daniel
        uid=craig
    ou=Groups
        uid=users
        uid=admins

Configure LDAP to use SSL where possible, preferably over ldaps. Beware that by default people can bind anonymously and browse your tree, so account for anonymous users in your ACLs.

Consider creating users for services that need to be able to bind to the tree, such as mail.
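As an added example (not part of the original page), here is a slapd.conf access-control fragment for the example tree above that covers both the anonymous-user and the service-account advice. It assumes OpenLDAP's slapd and its slapd.conf ACL syntax; the ou=Services branch and the uid=mail account are hypothetical names, not taken from the page.

```conf
# slapd.conf ACL fragment (constructed example, OpenLDAP syntax assumed).
#
# With no "access" directives at all, slapd falls back to
#     access to * by * read
# which is what lets anonymous users browse the whole tree.
#
# Rules are evaluated top to bottom: the first "access to" whose target
# matches is used, and within it the first matching "by" clause wins.

# Password attribute: the owner may change it, anonymous connections may
# only use it to authenticate (needed for a simple bind to succeed), and
# nobody else can read the stored value.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# User entries: readable by the mail service account (hypothetical DN)
# and by each user for their own entry; hidden from everyone else,
# including anonymous.
access to dn.subtree="ou=Users,dc=example,dc=com"
        by dn.exact="uid=mail,ou=Services,dc=example,dc=com" read
        by self read
        by * none

# Rest of the tree (ou=Groups and so on): any authenticated user may
# read, anonymous gets nothing.
access to *
        by users read
        by * none
```

Giving each service its own bind DN, as in the second rule, means access can be granted or withdrawn per service without touching the rules that apply to ordinary users.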

todo: discuss schemas


Part of CategoryBestPractices