On Thu, Jun 17, 2010 at 8:04 AM, Aaron Richton <[email protected]> wrote:

> On Thu, 17 Jun 2010, Indexer wrote:
>
>> membership logins a notice appears that says "You must be a memberUid of
>> cn=login,ou=Nemo,ou=Group,dc=chocolate,dc=lan to login.", but the user is
>> still able to continue and login, and it is not enforcing the group
>>
> [...]
>
>> account optional /usr/local/lib/pam_ldap.so
>>
>
> Of course they're able to continue; that check is optional in a stack that
> contains other results. See pam.conf(5) man page.
>

I think you want something like:

account [default=bad success=ok user_unknown=ignore] pam_ldap.so

- Adam
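
An added illustration, not part of the original message: a simplified Python model of how Linux-PAM combines module results within one stack, showing why the `optional` line lets the login through while the bracketed control enforces the group check. The module results used (a local module such as pam_unix.so returning success, pam_ldap.so returning perm_denied when the group check fails) are assumptions.

```python
# Simplified model of how Linux-PAM combines module results in one stack.
# Added illustration, not PAM source; numeric "jump" actions are not modelled.
KEYWORDS = {  # keyword controls and their bracket equivalents
    "required":   "success=ok new_authtok_reqd=ok ignore=ignore default=bad",
    "requisite":  "success=ok new_authtok_reqd=ok ignore=ignore default=die",
    "sufficient": "success=done new_authtok_reqd=done default=ignore",
    "optional":   "success=ok new_authtok_reqd=ok default=ignore",
}

def parse_control(control):
    """'optional' or '[default=bad success=ok]' -> {result: action}."""
    body = KEYWORDS.get(control, control.strip("[]"))
    return dict(pair.split("=", 1) for pair in body.split())

def run_stack(stack):
    """stack is a list of (control, module_result); returns the final result."""
    impression, status = None, "success"
    for control, result in stack:
        actions = parse_control(control)
        # Results not listed fall back to default (treated here as bad if absent).
        action = actions.get(result, actions.get("default", "bad"))
        if action in ("ok", "done"):
            # A good result counts only while nothing has failed yet.
            if impression is None or (impression == "positive" and status == "success"):
                impression, status = "positive", result
            if action == "done" and impression == "positive":
                break
        elif action in ("bad", "die"):
            if impression != "negative":  # the first failure sets the result
                impression, status = "negative", result
            if action == "die":
                break
        # "ignore": this module contributes nothing to the outcome
    # A stack in which no module gave a positive result must not succeed.
    if status == "success" and impression != "positive":
        return "perm_denied"
    return status

# Constructed account stacks. Assumptions: a local module (e.g. pam_unix.so)
# returns success, and pam_ldap.so returns perm_denied on the group check.
BRACKET = "[default=bad success=ok user_unknown=ignore]"
OPTIONAL_STACK = [("required", "success"), ("optional", "perm_denied")]
ENFORCED_STACK = [("required", "success"), (BRACKET, "perm_denied")]
LOCAL_ONLY_STACK = [("required", "success"), (BRACKET, "user_unknown")]

if __name__ == "__main__":
    for name in ("OPTIONAL_STACK", "ENFORCED_STACK", "LOCAL_ONLY_STACK"):
        print(name, "->", run_stack(globals()[name]))
```
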
