Linux – validate only one user with pam ldap and nslcd

Tags: ldap, linux, pam

I want only the user "theuser" to be able to log in to this host.

I have tried the following in nslcd.conf:

pam_authz_search (&(objectClass=posixAccount)(IsActive=TRUE)(uid=theuser))

but everyone can log in. If instead of pam_authz_search I use the "filter" directive, it works, but then getent returns only one user, "theuser".

UPDATE:
The OS is Ubuntu 12.10, and I'm using libpam-ldapd, NOT libpam-ldap.

Best Answer

You can control who logs into a server (regardless of the source of the user database) with the /etc/security/access.conf file. For this mechanism you need to enable the pam_access module (generally in the account stage), either in /etc/pam.d/common-account for all services, or in something like /etc/pam.d/sshd to make it effective only for ssh connections.

Check the man pages for access.conf and pam_access for the details.
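As an added example (not part of the answer above), the following shell script writes a deny-by-default access.conf that admits only "theuser" while keeping root's console login, adds pam_access to the account stage of the sshd PAM stack only, and includes a small first-match checker that mirrors how pam_access walks the file so the ordering can be rehearsed before the file goes live. The PREFIX variable, the "console" origin string used for LOCAL, and the sample origins 192.0.2.10 and "otheruser" are assumptions introduced here; the checker models only the directive forms the generated file uses.

```shell
#!/bin/sh
# Added example, not from the original answer. PREFIX is an assumption:
# point it at a scratch directory to rehearse; leave it empty (and run
# as root) to write the real /etc files.

access_conf() { printf '%s/etc/security/access.conf' "${PREFIX:-}"; }
pam_sshd()    { printf '%s/etc/pam.d/sshd' "${PREFIX:-}"; }

# First matching line wins, so the allow lines must precede the
# catch-all deny. root stays allowed from LOCAL (console) so a mistake
# in this file cannot lock the machine out completely.
write_access_conf() {
    f=$(access_conf)
    mkdir -p "$(dirname "$f")"
    cat > "$f" <<'EOF'
# permission : users : origins   (first matching line wins)
+ : root : LOCAL
+ : theuser : ALL
- : ALL : ALL
EOF
}

# Enable pam_access in the account stage of sshd only; other services
# and /etc/pam.d/common-account are left untouched.
enable_pam_access() {
    f=$(pam_sshd)
    mkdir -p "$(dirname "$f")"
    touch "$f"
    if ! grep -q 'pam_access\.so' "$f"; then
        printf 'account required pam_access.so\n' >> "$f"
    fi
}

# Simplified model of pam_access evaluation: walk the file top to bottom
# and answer allow/deny from the first line whose user and origin fields
# both match. Modelled forms: ALL, bare user names, exact origin strings,
# and LOCAL (taken here to mean a console login, origin "console").
# Groups, EXCEPT and netmasks are not handled. pam_access itself allows
# access when no line matches, hence the final "- : ALL : ALL" line.
access_decision() {
    user=$1; origin=$2
    while IFS= read -r line; do
        case $line in ''|\#*) continue ;; esac
        perm=$(printf '%s' "$line" | cut -d: -f1 | tr -d ' ')
        users=$(printf '%s' "$line" | cut -d: -f2)
        origins=$(printf '%s' "$line" | cut -d: -f3)
        umatch=0; omatch=0
        for u in $users; do
            if [ "$u" = ALL ] || [ "$u" = "$user" ]; then umatch=1; fi
        done
        for o in $origins; do
            if [ "$o" = ALL ] || [ "$o" = "$origin" ]; then omatch=1; fi
            if [ "$o" = LOCAL ] && [ "$origin" = console ]; then omatch=1; fi
        done
        if [ "$umatch" = 1 ] && [ "$omatch" = 1 ]; then
            if [ "$perm" = "+" ]; then echo allow; else echo deny; fi
            return 0
        fi
    done < "$(access_conf)"
    echo allow
}

# Write both files under $PREFIX and print decisions for constructed
# sample logins (user and origin are made up for the rehearsal).
rehearse() {
    write_access_conf
    enable_pam_access
    for spec in "theuser 192.0.2.10" "otheruser 192.0.2.10" \
                "root console" "root 192.0.2.10"; do
        set -- $spec
        printf '%-10s from %-12s -> %s\n' "$1" "$2" "$(access_decision "$1" "$2")"
    done
}
```

Save it as, say, theuser-only.sh (the file name is an assumption) and rehearse with `PREFIX=$(mktemp -d) sh -c '. ./theuser-only.sh; rehearse'`; only root from the console and theuser from anywhere should come back as allow. When you apply it for real, keep an existing root session open and confirm with a fresh ssh login as theuser and as some other account before closing it, and note that this file also denies root over ssh unless you add a line for it. Because pam_access acts in the PAM account stage and leaves NSS alone, `getent passwd` keeps listing every LDAP user, which is the behaviour the nslcd "filter" approach lost. The checker's treatment of LOCAL is a simplification; the access.conf man page defines the real rule.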
