LDAP authentication provides a more secure method of mailbox access than standard GroupWise authentication, which is the default when you set up your GroupWise system. Therefore, you should implement LDAP authentication. For instructions, see Section 15.3.4, Providing LDAP Authentication for GroupWise Users.
On the LDAP Directory object, the LDAP user name that you provide on the LDAP Authentication tab should be granted only browser rights in the LDAP directory. The password for the LDAP user should be long and randomly generated.
On your LDAP servers, the trusted root certificate file should be write protected so that it cannot be tampered with.