Implemented LDAP contextless login using an LDAP Proxy user, and that is working fine.

Since the LDAP Proxy user has null password, I wish to lock it down in some way since anyone who knows or guesses the username can login to the directory (not a huge concern but still, want to be thorough).

As far as I can tell from the docs, the only thing I can really do is impose network address restrictions on it ("You can limit the locations that the user can log in from by setting address restrictions for the Proxy User object.")

However, exactly what addr restrictions can / should I impose (such as are just the server IPs of the LDAP servers enough?) and especially, will imposing the address restriction have impact on any other services? Using OES2SP1-Linux and also using NSS clustering if it matters.