You are building a server which will authenticate users using the pam_ldap module. In addition to possessing a valid account, you only want to allow logins by users who are members of a certain group.
Which parameter in ldap.conf will allow you to specify a filter string to be ANDed with the login attribute when validating a user?
(Enter only the parameter, without any options or values)