Cool Solution - LDAP search user / simple authentication account
From Univention Wiki
For security reasons we recommend to create a simple authentication user, which can only read LDAP entries.
First things first you go to the UMC and open the Users module and add a new user. Klick on Advanced in the new Window.
Fill out all neccessary text fields (lastname, username and a safety password) and go to the "Option" tab. Untag all checkboxes except "simple authentication".
With the following command line you can check, if the created user is qualified to read the LDAP entries. Execute the following command:
univention-ldapsearch -LLL -D uid=<LDAP user>,cn=users,dc=example,dc=com -W
and enter the password of the LDAP user. After that, you should get a overview of all LDAP entries.