You should use LDAP instead of direct access mode if the eDirectory tree is on a different machine than the agents. When connecting with LDAP, SSL should be used to secure the connection. For additional information on how to secure the LDAP connection, see Novell Messenger 3.0 Installation Guide.
When a user authenticates, DirUserAuthBind binds the user to the directory tree so that password policies can be enforced. DirUserAuthBind is a startup switch in the startup files for both agents.
For additional information on configuring DirUserAuthBind, see Section 3.2.3, Selecting Bind or Compare eDirectory Access for Users.