-# LDAP config copied from http://wiki.debian.org/LDAP/PAM
-account required pam_unix.so
-account sufficient pam_succeed_if.so uid < 1000 quiet
-account [default=bad success=ok user_unknown=ignore] pam_ldap.so
-account required pam_permit.so
+# pam_unix does general checks based on NSS info, so it also works for ldap
+# users.
+account required pam_unix.so