#auth       required      pam_env.so
#auth      sufficient    pam_unix.so likeauth nullok

auth       required       pam_ldap.so

#auth       required      pam_deny.so

account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

#password    requisite     pam_cracklib.so try_first_pass retry=3
#password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
#password    required      /lib64/security/pam_ldap.so use_authtok
#password    required      pam_deny.so

session     optional      pam_ldap.so