I think as you; my /etc/pam.d/sudo: # cat /etc/pam.d/sudo | grep -v "#" auth required /usr/local/lib/pam_ldap.so account sufficient /usr/local/lib/pam_ldap.so session sufficient /usr/local/lib/pam_ldap.so password sufficient /usr/local/lib/pam_ldap.so ;) -- Thanks, Jordi Espasa Clofent