How to use an alternate config file for separate services

by Ezsra McDonald

I am having issues getting vsftpd to use a different OU (
ou=ftpusers,...) to authenticate users than ssh users (
ou=people,...).

I have set up a new ldap.conf file in /usr/local/etc/vsftpd/ldap.conf

I set up a new system-auth pam file named system-auth-vsftpd. In here I
am using the "config" argument on the pam_ldap.so module. It is
referenced by the pam.d/vsftpd config file.

No matter what I do I can't log in with users from the ou=ftpusers,
unit. However, it still accepts folks who are in the ou=people, unit.
This leads me to believe it is ignoring the "config" argument. Any
ideas why?

My setup thus far:

[root]# cat /etc/pam.d/vsftpd
#%PAM-1.0
session    optional     pam_keyinit.so    force revoke
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      system-auth-vsftpd
account    include      system-auth-vsftpd
session    include      system-auth-vsftpd
session    required     pam_loginuid.so

[root]# cat /etc/pam.d/system-auth-vsftpd
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        required      pam_tally.so deny=3 unlock_time=300
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so config=/usr/local/etc/vsftpd/ldap.conf use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so config=/usr/local/etc/vsftpd/ldap.conf
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 difok=2
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=15
password    sufficient    pam_ldap.so config=/usr/local/etc/vsftpd/ldap.conf use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_mkhomedir.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so config=/usr/local/etc/vsftpd/ldap.conf


[root]# cat /usr/local/etc/vsftpd/ldap.conf
base dc=somewhere,dc=org
rootbinddn cn=manager,dc=somewhere,dc=org
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_base_passwd ou=ftpusers,dc=somewhere,dc=org?one
nss_base_shadow ou=ftpusers,dc=somewhere,dc=org?one
nss_base_group ou=unixgroups,dc=somewhere,dc=org?one
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
uri ldap://172.25.14.140/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
pam_password exop
pam_password_prohibit_message Please visit https://www.somewhere.org/ to change your password.
nss_base_group ou=unixgroups,
nss_base_passwd ou=ftpusers,
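A check worth running on a setup like the one quoted above, as an added example (not code from the post or from the pam_ldap project): a small Python audit that parses a PAM service stack in the format shown, follows `include` and `\` line continuations, collects every `config=` file handed to `pam_ldap.so`, and reports the `base` and `scope` each of those files gives. pam_ldap looks the user up under `base` (default scope `sub`), while the `nss_base_*` directives are read only by nss_ldap, so a restriction placed in `nss_base_passwd` alone does not narrow PAM authentication. The sample files are constructed, and the fallback path `/etc/ldap.conf` is an assumed pam_ldap default (distributions differ).

```python
import re

# Constructed sample files modelled on the post (not the poster's real files).
SAMPLE_FILES = {
    "/etc/pam.d/vsftpd": (
        "auth     include   system-auth-vsftpd\n"
        "account  include   system-auth-vsftpd\n"),
    "/etc/pam.d/system-auth-vsftpd": (
        "auth     sufficient  pam_unix.so nullok try_first_pass\n"
        "auth     sufficient  pam_ldap.so \\\n"          # PAM line continuation
        "    config=/usr/local/etc/vsftpd/ldap.conf use_first_pass\n"
        "auth     required    pam_deny.so\n"
        "account  [default=bad success=ok user_unknown=ignore] pam_ldap.so config=/usr/local/etc/vsftpd/ldap.conf\n"),
    "/usr/local/etc/vsftpd/ldap.conf": (
        "base dc=somewhere,dc=org\n"
        "nss_base_passwd ou=ftpusers,dc=somewhere,dc=org?one\n"),
}
# type, control (single word or [bracketed list]), module, optional arguments
PAM_LINE = re.compile(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def parse_pam_stack(path, files, chain=()):
    """Yield (type, control, module, args); joins \\ continuations, expands include with same-type lines only."""
    if path in chain:
        raise ValueError("include loop at " + path)
    for line in files[path].replace("\\\n", " ").splitlines():
        m = PAM_LINE.match(line.split("#", 1)[0].strip())
        if not m:
            continue
        typ, control, module, args = m.groups()
        if control != "include":
            yield typ, control, module, args.split()
            continue
        target = module if module.startswith("/") else "/etc/pam.d/" + module
        yield from (e for e in parse_pam_stack(target, files, chain + (path,)) if e[0] == typ)

def pam_search_base(path, files):
    """(base, scope) pam_ldap searches for the user; nss_base_* keys are nss_ldap-only and ignored here."""
    pairs = (l.split("#", 1)[0].strip().partition(" ") for l in files[path].splitlines())
    keys = {k: v.strip() for k, _, v in pairs}
    return keys.get("base"), keys.get("scope", "sub")

def audit(service, files):
    """Map each pam_ldap.so config= (assumed default /etc/ldap.conf) to the PAM types using it and its search base."""
    report = {}
    for typ, _ctl, module, args in parse_pam_stack("/etc/pam.d/" + service, files):
        if module == "pam_ldap.so":
            cfg = next((a[len("config="):] for a in args if a.startswith("config=")), "/etc/ldap.conf")
            base, scope = pam_search_base(cfg, files) if cfg in files else (None, None)
            report.setdefault(cfg, {"types": set(), "base": base, "scope": scope})["types"].add(typ)
    return report
```

If the reported base is the directory root with scope `sub`, pam_ldap will match users anywhere under it, whatever `nss_base_passwd` says.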