The LDAP.xml configuration file needs to specify a user that is able to read the LDAP server's information. This user only needs read access to the LDAP parts you specify in your LDAP.xml file (typically the users node and possibly the groups node). As you also need to specify this user's password in the LDAP.xml file, you need to make sure the file cannot be read by any unauthorized user.

The LDAP Authenticator module does not make any changes to the LDAP server. It only reads information from it.