The pam_ldap module is a PAM module option for LDAP to authenticate clients and to perform account management. If you configured the client profile's authentication mode as simple and the credential level as self, you must also enable the pam_krb module.
For more information, see:
If PAM policy is not explicitly specified in /etc/pam.conf or /etc/security/policy.conf, UNIX authentication is enabled by default. See the policy.conf(5) man page for information about the preferred configuration mechanisms and lookup order for PAM.
The preferred way to configure PAM to use LDAP policy is to update the PAM_POLICY entry in /etc/security/policy.conf to be the following:
If you need to configure PAM to use UNIX authentication (the default), update the PAM_POLICY entry in /etc/security/policy.conf to be the following: