I have a question on LDAP search issue.
I want to disable full search on the LDAP tree.


My LDAP Tree is:

c=US, o=Dept1, cn=John Smith
c=US, o=Dept1, cn=Ann Adams

I want to deny to read full listing of the tree but only allow when the search condition meets only the required person.
In the example above I want nobody to be listed. But when the search criteria is "c=US, o=Dept1, cn=Ann Adams"  this entry must be listed. When a search on "c=US" comes, nothing must be listed.

What is the correct  Access Control Information for this request??