When a user signs in to FreeIPA, I do not want them to be able to view the list of users
in my LDAP server under the "Active users" link. I still want them to be able to
administer self-service, so they can reset their password, add OTP tokens, etc. How would
I go about doing this? The users will only be able to access the web interface, so it
doesn't matter whether they can access it from other sources.