PAM LDAP client auth with multiple OUs
Hi there,
In my LDAP server I have 4 OUs:
ou=first,dc=example,dc=com
ou=second,dc=example,dc=com
ou=third,dc=example,dc=com
ou=fourth,dc=example,dc=com
I only want users from first, second and third to be able to log on to the system.
My current PAM LDAP configuration file (/etc/ldap.conf) looks like...
host server.dc=example,dc=com
# The distinguished name of the search base.
base dc=example,dc=com
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=moodleuser,dc=example,dc=com
# The credentials to bind with.
# Optional: default is no credential.
bindpw password
# The port.
port 389
# The search scope.
scope one
nss_base_passwd dc=example,dc=com
nss_base_shadow dc=example,dc=com
nss_base_group dc=example,dc=com
nss_map_objectclass posixAccount user
nss_map_attribute uid msSFUName
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute cn msSFUName
nss_map_attribute userPassword msSFUPassword
nss_map_attribute uniqueMember member
pam_filter objectclass=user
pam_login_attribute sAMAccountName
pam_password crypt
ssl no
tls_cacertdir /etc/openldap/cacerts
can someone tell me how to only allow