Directory records can be (and usually are) protected from unauthorized access. When users want to access protected Directory data, they should authenticate themselves first. This process is called binding and successful authentication "binds" the user to a certain DN (distinguished name) in the Directory.
When a user tries to read or modify the Directory data, the binding DN is used to check the Directory Access Rights.
See the Directory Integration chapter for the details.
When the Directory is accessed using the LDAP Module, the client can authenticate itself using the CommuniGate Pro Account name and the Account password. In this case, the binding DN is the DN of the Account record.
Before converting the user account name into the account Directory record DN, the user account Server Access Rights are checked. If the account has the Directory access right, the special "master" bind DN is used instead of the user account record DN. Clients with the "master" bind DN have unlimited Directory access rights.
Any Directory DN can be used for LDAP binding. The directory record with the specified DN must exist, the record should contain the userPassword attribute, and the attribute value must match the supplied password string.
If a client has not authenticated itself, the special anyone bind DN is used.