openLDAP restrict user

Windows Server 2003/2008 has "where" built in.

-1
asked 7 October 2012 at 06:26
1 answer

I don't think the permissions you are having an issue with are stored in LDAP, so much as in the filesystem. LDAP will only keep track of a user's permissions in LDAP (generally) and their groups.

If you want the user to be unable to read some files, make sure those files are not world-readable (the last bit of the file's mode should be 0, or more pedantically, the fours bit should not be set). Good practice is to make people's home directories this way by default. Bear in mind also that on directories the +x permission bit is traversal.

Ensure also that the user you're thinking of doesn't have any groups that would allow him to read files you don't want him to read.

There is simply no facility for denying access to files in this manner using POSIX file permissions, especially not through LDAP; you just have to ensure access is not granted in the first place.

You should consider reading up on chmod and chown, if you aren't already familiar with them.

3
answered 5 December 2019 at 19:17
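
The checks the answer above describes, as an added shell example that is not part of the original answer: it lists files with the "other" read bit set, directories with the "other" traversal bit set, and files readable through a given user's groups. The function names are illustrative, and the script assumes a POSIX `find` and `id`.

```shell
#!/bin/sh
# Added example: audit a directory tree for the mode bits discussed in the answer.
# Usage: sh audit.sh /path/to/tree username

# Files whose "other" read bit (octal 004) is set: readable by every account.
other_readable_files() {
    find "$1" -type f -perm -004 -print
}

# Directories whose "other" execute bit (octal 001) is set: anyone may traverse them.
other_traversable_dirs() {
    find "$1" -type d -perm -001 -print
}

# Files with the group read bit (octal 040) set that belong to group $2
# (group name or numeric gid): readable by every member of that group.
group_readable_files() {
    find "$1" -type f -perm -040 -group "$2" -print
}

# Remove all "other" access below $1, so access is not granted in the first place.
revoke_other() {
    chmod -R o-rwx "$1"
}

# Report everything user $2 could read under $1 without owning it.
# id resolves groups through NSS, so LDAP-provided groups are included
# when the host is configured to look users up in LDAP.
audit_tree() {
    echo "world-readable files:";   other_readable_files "$1"
    echo "world-traversable dirs:"; other_traversable_dirs "$1"
    echo "readable via groups of $2:"
    for gid in $(id -G "$2"); do
        group_readable_files "$1" "$gid"
    done
}

if [ "$#" -eq 2 ]; then
    audit_tree "$1" "$2"
fi
```

Run the report before and after `revoke_other` on a home directory tree to confirm that only owner and group access remains.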
