On Fri, 4 Jun 2010, Stuart Cherrington wrote:
nss_base_passwd ou=people,dc=ldn,dc=sw,dc=com?sub?ismemberof=cn=access,ou=auth,dc=ldn,dc=sw,dc=com This ensures that only users within the CN 'access' can login to the servers.
For a group, perhaps you should be using "pam_groupdn" directive instead of that filter? (Test your setup with OpenLDAP's ldapcompare(1).)