# Your LDAP server. Must be resolvable without using LDAP.
host staging.everybody.org

# The distinguished name of the search base.
base o=Everyhost.com

# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3

# The search scope.
scope sub

# Search timelimit
timelimit 30

# Filter to AND with uid=%s
pam_filter objectclass=posixaccount

# The user ID attribute (defaults to uid)
pam_login_attribute uid

# Group to enforce membership of
pam_groupdn cn=staging-login,ou=Groups,o=Everyhost.com

# Use the OpenLDAP password change
# extended operation to update the password.
pam_password exop