#
auth	[success=2 default=ignore]	pam_unix.so nullok_secure
auth	[success=1 default=ignore]      pam_ldap.so
auth	requisite			pam_deny.so
auth	required			pam_permit.so

#
account	[success=2 new_authtok_reqd=done default=ignore]	pam_unix.so 
account        [success=1 default=ignore]      pam_ldap.so
account	requisite			pam_deny.so
account	required			pam_permit.so

#
password	[success=1 default=ignore]	pam_unix.so obscure sha512
password        [success=1 user_unknown=ignore default=die]     pam_ldap.so use_authtok try_first_pass
password	requisite			pam_deny.so
password	required			pam_permit.so

#
session		[default=1]			pam_permit.so
session		requisite			pam_deny.so
session		required			pam_permit.so
session		optional			pam_umask.so
session		required			pam_unix.so 
session		optional			pam_ldap.so