The pam_ldap module is a PAM module option for LDAP to authenticate clients and to perform account management. If you configured the client profile's authentication mode as simple and the credential level as self, you must also enable the pam_krb module.
For more information, see:
pam_ldap(7) man page
pam_krb5(7) man page
If PAM policy is not explicitly specified in /etc/pam.conf or /etc/security/policy.conf, UNIX authentication is enabled by default. See the policy.conf(5) man page for information about the preferred configuration mechanisms and lookup order for PAM.
The preferred way to configure PAM to use LDAP policy is to update the PAM_POLICY entry in /etc/security/policy.conf to be the following:
PAM_POLICY=ldap
If you need to configure PAM to use UNIX authentication (the default), update the PAM_POLICY entry in /etc/security/policy.conf to be the following:
PAM_POLICY=unix