This is exactly your problem.
I’ve encountered this “behavior” some time ago, and I changed to the way I wanted it (read only for everybody).
I’m too lazy to investigate the consequences of this modification, but for my use cases this is “secure enough”.
click here to see the modifications I made.
@alefattorini: no, I’m not an expert in any way. Expecially with LDAP. I’ve just configured it with my mighty hammer.