This configuration parameter specifies the message displayed if a user identifier (UID) conflict is detected during login; that is, if there is a local user with a different user name but the same UID as the Active Directory user logging on. For example:

user1 10001  #local user
user2 10001  #AD user

When the message is displayed, the %d token is replaced with the UID of the conflicting local account. The message string you define must contain exactly one %d token, and no other string replacement (%) characters.

For example:

pam.account.conflict.uid.mesg: \
Account with conflicting UID (%d) exists locally

For more information about displaying a warning when local conflicts are detected, see pam.uid.conflict.