Try something along the lines:
# allow everybody to bind, and self to change password
access to attrs=userPassword
by self write
by anonymous auth
# allow everybody searching for objectClass
access to filter="(objectClass=inetOrgPerson)" attrs=objectClass
by * search
# allow everybody to read the entry and the cn
access to filter="(objectClass=inetOrgPerson)" attrs=entry,cn
by * read
# allow only users to read the rest of the entry
access to filter="(objectClass=inetOrgPerson)"
by users read
# allow everybody to search (but not see) everything else
access to *
by * search
p.