Can I create a user for read-only access to LDAP?
Yes, this it possible since UCS 4.3. It is called “simple authentication account”. To create such a user check the Wiki page.
Additionally, see below screenshot on how to create this type of user:
Please note that such an account will not be synchronized to the Samba LDAP directory. Therefore it can only be used for logging in to the OpenLDAP server on ports 7389 and 7636.
Be aware for such users the default password policies do not apply. See here.