When a user signs in to FreeIPA, I do not want them to be able to view the list of users in my LDAP server under the "Active users" link. I still want them to be able to administer self-service, so they can reset their password, add OTP tokens, etc. How would I go about doing this? The users will only be able to access the web interface, so it doesn't matter whether they can access it from other sources.