On Thu, Jun 17, 2010 at 8:04 AM, Aaron Richton
<richton@nbcs.rutgers.edu> wrote:
On Thu, 17 Jun 2010, Indexer wrote:
membership logins a notice appears that says "You must be a memberUid of cn=login,ou=Nemo,ou=Group,dc=chocolate,dc=lan to login.", but the user is still able to continue and login, and it is not enforcing the group
account optional /usr/local/lib/pam_ldap.so
Of course they're able to continue; that check is optional in a stack that contains other results. See pam.conf(5) man page.