You are building a server which will authenticate users using the pam_ldap module. In addition to possessing a valid account, you only want to allow logins by users who are members of a certain group. Which parameter in ldap.conf will allow you to specify a filter string to be ANDed with the login attribute when validating a user? (Enter only the parameter without any options or values)
Answer: pam_filter