pam.uid.conflict

This configuration parameter specifies how you want the agent to respond if a user logs on with an Active Directory account and either the Active Directory user name or Active Directory UID conflicts with a local user account. The purpose of detecting a duplicate user name or duplicate UID is to prevent an Active Directory user from signing on and receiving privileges to modify files created by a different local user.

The pam.uid.conflict configuration parameter determines what happens when this type of conflict is found. The parameter value must be set to one of the following valid options:

Use this value    To do this
ignore            Do not report duplicate user names or UID conflicts. If detected, log the conflict at the info level if logging is enabled.
warn              Warn the user of the user name or UID conflict after a successful login. Log the conflict at the warning level if logging is enabled. This is the default value.
error             Report the UID conflict to the user after the user name is entered. Do not accept the password and do not allow the user to log in. Log the conflict at the error level.

For example:

pam.uid.conflict: warn

Note: If both the Active Directory user name and Active Directory UID are the same as a local user name and UID, the accounts do not conflict and the user can log on regardless of how you set this parameter. Although this situation is rare, you should avoid using Active Directory user names and UIDs that duplicate local user names and UIDs but apply to different individual users.

If this parameter is not present, its default value is warn.
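
The conflict rule described above can be checked ahead of time. The following is an added example, not the agent's own code: a Python audit that compares Active Directory accounts against local accounts and reports name or UID conflicts, treating an identical name and UID pair as no conflict. The function names, the passwd-format input for the Active Directory side, and all sample accounts are assumptions constructed for illustration.

```python
from collections import defaultdict

def parse_passwd(text):
    """Return [(name, uid)] from passwd(5)-format text, skipping malformed lines."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or not fields[0] or fields[0].startswith("#"):
            continue
        if not fields[2].isdigit():
            continue
        entries.append((fields[0], int(fields[2])))
    return entries

def find_conflicts(local_text, ad_text):
    """Return (ad_name, ad_uid, kind, local_name, local_uid) tuples.

    kind is 'name' (same name, different UID) or 'uid' (same UID, different
    name). An identical name and UID pair is skipped, per the note on the page.
    """
    by_name = {}
    by_uid = defaultdict(list)
    for name, uid in parse_passwd(local_text):
        by_name.setdefault(name, uid)  # first entry wins for duplicate names
        by_uid[uid].append(name)
    findings = []
    for name, uid in parse_passwd(ad_text):
        if by_name.get(name) == uid:
            continue  # same name and same UID: not a conflict
        if name in by_name:
            findings.append((name, uid, "name", name, by_name[name]))
        for other in by_uid.get(uid, []):
            if other != name:
                findings.append((name, uid, "uid", other, uid))
    return findings

# Constructed sample data: local /etc/passwd lines and AD users in the same format.
LOCAL = """root:x:0:0:root:/root:/bin/sh
oracle:x:1001:1001::/home/oracle:/bin/sh
backup:x:1002:1002::/home/backup:/bin/sh
deploy:x:1003:1003::/home/deploy:/bin/sh"""
AD = """oracle:x:1001:1001::/home/oracle:/bin/sh
backup:x:20050:20050::/home/backup:/bin/sh
jsmith:x:1003:20000::/home/jsmith:/bin/sh
akhan:x:20051:20051::/home/akhan:/bin/sh"""

if __name__ == "__main__":
    for ad_name, ad_uid, kind, l_name, l_uid in find_conflicts(LOCAL, AD):
        print(f"{kind} conflict: AD {ad_name}({ad_uid}) vs local {l_name}({l_uid})")
```

Any finding in the output is an account that would trigger the warn or error behavior, so resolve it before setting pam.uid.conflict to error.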