From 3769c59e43c40e8b5f0a03842da880ba7f8a1755 Mon Sep 17 00:00:00 2001
From: Vladimir Nadvornik <nadvornik@suse.cz>
Date: Fri, 30 Jan 2026 15:04:49 +0100
Subject: [PATCH] Allow LDAP users that are not visible to pam_unix

---
 containers/server-image/root/etc/pam.d/susemanager-account      | 2 +-
 containers/server-image/server-image.changes.nadvornik.pam_unix | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 containers/server-image/server-image.changes.nadvornik.pam_unix

diff --git a/containers/server-image/root/etc/pam.d/susemanager-account b/containers/server-image/root/etc/pam.d/susemanager-account
index 7e0f5c50ef88..94eb876bf459 100644
--- a/containers/server-image/root/etc/pam.d/susemanager-account
+++ b/containers/server-image/root/etc/pam.d/susemanager-account
@@ -1,3 +1,3 @@
-account	requisite	pam_unix.so	try_first_pass 
+account [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=ignore default=die]    pam_unix.so   try_first_pass
 account	sufficient	pam_localuser.so 
 account	required	pam_sss.so	use_first_pass	
diff --git a/containers/server-image/server-image.changes.nadvornik.pam_unix b/containers/server-image/server-image.changes.nadvornik.pam_unix
new file mode 100644
index 000000000000..f867cd06c8b0
--- /dev/null
+++ b/containers/server-image/server-image.changes.nadvornik.pam_unix
@@ -0,0 +1 @@
+- Allow LDAP users that are not visible to pam_unix (bsc#1256791)