You should use LDAP instead of direct access mode if the eDirectory™ tree is on a different machine than the agents. When connecting with LDAP, SSL should be used to secure the connection. For additional information on how to secure the LDAP connection, see eDirectory Access and Authentication
in the Messenger 2.0 Installation Guide.
The admin user should not be used when connecting with LDAP access. Instead, a proxy user should be created with limited rights. For information on what rights the LDAP proxy user must have, see eDirectory Access and Authentication
in the Messenger 2.0 Installation Guide.
When a user authenticates, DirUserAuthBind binds the user to the directory tree so password policies can be enforced. DirUserAuthBind is a startup switch in the startup files for both agents.
For additional information on configuring DirUserAuthBind, see Section 3.2.3, Selecting Bind or Compare eDirectory Access for Users.