[0 - offline_timeout_random_offset]
access_provider = ldap
ldap_access_filter = (employeeType=admin)
access_provider = ldap
ldap_access_order = expire
ldap_account_expire_policy = ad
Active Directory provides an objectSID for every user and group object in the directory. This objectSID can be broken up into components that represent the Active Directory domain identity and the relative identifier (RID) of the user or group object.
ad_enabled_domains = sales.example.com, eng.example.com
ad_enable_dns_sites (boolean)
ad_gpo_implicit_deny = True
ad_gpo_map_batch = +my_pam_service, -crond
ad_gpo_map_deny = +my_pam_service
ad_gpo_map_interactive = +my_pam_service, -login
ad_gpo_map_network = +my_pam_service, -ftp
ad_gpo_map_permit = +my_pam_service, -sudo
ad_gpo_map_remote_interactive = +my_pam_service, -sshd
ad_gpo_map_service = +my_pam_service
all users are allowed
Any text string describing the user. Often used as the field for the user's full name.