AFP548

Limit access to LDAP shared address book?

Hi! First, the good news -- my Open Directory "shared address book" works great (OS X Server 10.4.6) thanks to the hints in this forum. With Apple Mail (on my OS X clients), I can add my LDAP server and the "search base" in Preferences => Composing and I get really great address completion.

Now the bad news. [b]I really don't want the whole world to be able to "auto-complete" from my LDAP address book[/b] so (at least for now) I have blocked port 389 in my outside firewall interface (so inside users can check addresses, but outside users cannot).

I noticed that Apple Mail has a place to choose [b]"Simple" authentication (requiring a username and password)[/b] so there must be (this may be too great a leap of logic) a way to prevent anonymous LDAP email address lookups in OS X Server Open Directory. Alas, I have not found it. [I thought it was the "Server Admin => Open Directory => Settings => Policy => Binding => Directory Binding => Require clients to bind to directory" checkbox, but it is not that -- it's still good that it is checked for other security reasons, but it does not affect mail client email address lookup.]

So, my question: [b]How do I require users to enter a username and password to use the shared address book aspects of my LDAP Directory?[/b]

Thanks for any help,
Charlie