How to configure ACLs so that non-admin users don't have read access to entire tree?

[CardboardTurkey]

I'm getting the same error as seen in #178. Is it possible to fix this without giving all users read access to the entire LDAP tree? In effect, what does PLA need access to within the LDAP tree to get rid of the error?

We get the error with the following ACLs configured:

# Access control lists (ACLs)
access to attrs=userPassword
    by self write
    by * auth

access to dn.base=dc=example,dc=co,dc=uk
    by users read

access to dn.base=ou=people,dc=example,dc=co,dc=uk
    by users read

access to *
    by group.exact="cn=admins,ou=groups,dc=example,dc=co,dc=uk" write
    by dn.children="ou=sysaccounts,dc=example,dc=co,dc=uk" read
    by self read