Ahhh. Cheeky bastards. You sit around and think "group" for 18 hours
with regard to POSIX Groups. Then it comes time to sit down and configure
"group membership" login restriction. But really, they are entirely
unrelated concepts. It even says in the man page:
"Specifies the distinguish
right!
...from pam_ldap(5):
PAM CONFIGURATION
It is possible to configure some aspects of pam_ldap on a per-service
basis, in the PAM configuration file (this is usually /etc/pam.conf;
for PAM implementations based on Linux-PAM, per-service files in
/etc/pam.d are a
This should be so insanely easy. I'm relatively certain this a
FreeBSD PAM specific issue. From "LDAP system administration [electronic
resource] / Gerald Carter. 1st ed. Beijing ; Sebastopol, CA : O'Reilly,
c2003."
in ldap.conf and nss_ldap.conf
--
# Group to enforce membership of
