Securing ldap in WIndows AD

Hello everyone.
I would like to secure the use of LDAP within an Active Directory domain.
My domain has three Windows 2022 DCs.
Searching online, I found these suggestions:
Enforce LDAPS (LDAP over SSL/TLS)
Disable Plain-text LDAP Bindings
Block or Restrict Port 389 (Optional but Recommended)
Enable Channel Binding Tokens (CBT)
Does it make sense to only allow certain users to browse LDAP?
Could limiting LDAP browsing to certain users cause problems?

Thanks