Wednesday, August 6, 2008

How to set up PAM via LDAP


(Our organization uses a Microsoft Windows 2003 server as AD, with a POSIX-compatible schema.)

1. Run authconfig-tui (or authconfig-gtk).
2. Check "Enable LDAP Support", then press OK.
3. Edit /etc/ldap.conf:

uri ldap://YOUR_DOMAIN.com
base OU=YOUR_DEPARTMENT,dc=YOUR_DOMAIN,dc=com

binddn CN=BIND_USER,OU=Service Users,DC=YOUR_DOMAIN,DC=com
bindpw BIND_PASSWORD

scope sub

nss_base_passwd OU=YOUR_DEPARTMENT,DC=YOUR_DOMAIN,DC=com
nss_base_shadow OU=YOUR_DEPARTMENT,DC=YOUR_DOMAIN,DC=com
nss_base_group OU=Access Groups,OU=YOUR_DEPARTMENT,DC=YOUR_DOMAIN,DC=com

nss_map_objectclass posixAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory sAMAccountName
nss_map_objectclass posixGroup Group
nss_map_attribute cn msSFUName
nss_map_attribute userPassword msSFUPassword
nss_map_attribute uniqueMember member

pam_filter objectclass=user
pam_login_attribute sAMAccountName
pam_password md5
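
A check for the file above, added here as an example and not part of the original post: with `uri ldap://` and no `ssl` line, the bind password and every login password cross the network unencrypted, and a `bindpw` kept in a group- or world-readable /etc/ldap.conf is visible to local users. The function names, the finding names and the last-value-wins rule are assumptions of this example; `ssl` and `tls_checkpeer` are nss_ldap/pam_ldap options.

```python
import stat

# Constructed sample: the transport and bind lines from the page's /etc/ldap.conf.
PAGE_CONF = """\
uri ldap://YOUR_DOMAIN.com
binddn CN=BIND_USER,OU=Service Users,DC=YOUR_DOMAIN,DC=com
bindpw BIND_PASSWORD
pam_login_attribute sAMAccountName
"""

def parse_ldap_conf(text):
    """Return {keyword: [values]} for an nss_ldap/pam_ldap style ldap.conf."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf

def last(conf, key, default=""):
    """Last value wins when a keyword is repeated (assumption of this example)."""
    return conf[key][-1].strip().lower() if key in conf else default

def audit(text, file_mode=None):
    """Return finding names for cleartext binds, unverified TLS, exposed bindpw."""
    conf = parse_ldap_conf(text)
    uris = [u.lower() for value in conf.get("uri", []) for u in value.split()]
    ssl = last(conf, "ssl", "no")
    tls_forced = ssl in ("start_tls", "on")
    findings = []
    # ldap:// carries the bindpw and every user's password in the clear unless
    # StartTLS (ssl start_tls) or LDAPS (ssl on / ldaps://) is configured.
    if any(u.startswith("ldap://") for u in uris) and not tls_forced:
        findings.append("cleartext-transport")
    # TLS without certificate verification does not stop an active interceptor.
    if (tls_forced or any(u.startswith("ldaps://") for u in uris)) \
            and last(conf, "tls_checkpeer") != "yes":
        findings.append("tls-peer-not-verified")
    # A bindpw in a group/world-readable file is visible to local users.
    if "bindpw" in conf and file_mode is not None \
            and file_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("bindpw-readable-by-non-owner")
    return findings

if __name__ == "__main__":
    print(audit(PAGE_CONF, file_mode=0o644))
```

To audit a real host, pass the file's text and `stat.S_IMODE(os.stat(path).st_mode)` as `file_mode`.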

http://joseph.randomnetworks.com/archives/2004/06/21/active-directory-with-nss_ldap-and-pam_ldap/
http://www.yolinux.com/TUTORIALS/LDAP_Authentication.html
http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html
