
pam_ldap on CentOS passed INCORRECT if local account doesn't exist

by lavermil

Hello All,

I am having a bit of an issue. I want to use pam_ldap for
authentication and do not want to have a local user account for each
user that I want to authenticate via ldap. So for example, if I have
Linux client A receive a login request from a user with the username
"user.2" via ssh, I would expect PAM and pam_ldap to use the password
which the user provided to bind to the ldap server. For some reason I
have something out of order, and if the user does not have a local
account it is forwarding INCORRECT as the password to the ldap server.
If I create the username "user.2" on the local system it will then
forward the password provided by the user, and then I am off and
running. Any thoughts?

#
# TCPDUMP showing that the password for AUTH is incorrect
# user.2 does not exist locally
#
00000074  30 40 02 01 03 60 3b 02  01 03 04 27 75 69 64 3d     0@...`;. ...'uid=
00000084  75 73 65 72 2e 32 2c 6f  75 3d 50 65 6f 70 6c 65     user.2,o u=People
00000094  2c 64 63 3d 64 69 73 61  6d 63 65 70 2c 64 63 3d     ,dc=disa mcep,dc=
000000A4  63 6f 6d 80 0d 08 0a 0d  7f 49 4e 43 4f 52 52 45     com..... .INCORRE
000000B4  43 54                                                CT


#
# TCPDUMP showing that the password for AUTH is correct
# after /usr/sbin/adduser user.2
#
00000074  30 37 02 01 03 60 32 02  01 03 04 27 75 69 64 3d     07...`2. ...'uid=
00000084  75 73 65 72 2e 32 2c 6f  75 3d 50 65 6f 70 6c 65     user.2,o u=People
00000094  2c 64 63 3d 64 69 73 61  6d 63 65 70 2c 64 63 3d     ,dc=disa mcep,dc=
000000A4  63 6f 6d 80 04 74 65 73  74                          com..test


OS: CentOS 5.1

#
# /etc/pam.d/sshd
#
#%PAM-1.0
auth         required         /lib/security/pam_nologin.so
auth         sufficient         /lib/security/pam_ldap.so
auth         required         /lib/security/pam_unix_auth.so try_first_pass

account         sufficient         /lib/security/pam_ldap.so
account         required         /lib/security/pam_unix_acct.so

password         required         /lib/security/pam_cracklib.so
password         sufficient         /lib/security/pam_ldap.so
password         required         /lib/security/pam_pwdb.so use_first_pass

session         required         /lib/security/pam_unix_session.so

#
# /etc/pam.d/system-auth
#
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so

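Decoding the two captured BindRequests makes the difference explicit, as an added example that is not part of the original post: a minimal BER reader for an LDAP simple bind, run over the bytes transcribed from the two tcpdump excerpts above. The four bytes 08 0a 0d 7f in front of INCORRECT are non-printing, so tcpdump's ASCII column renders them as dots; the full string \b\n\r\x7fINCORRECT is the fixed dummy password that sshd's PAM code substitutes when the login name is not a valid local account (a user-enumeration/timing defence), which is why the bind changes as soon as the user exists locally.

```python
# Added example: decode the LDAP simple BindRequest from the post's two hex dumps.
# Packet bytes are transcribed from the dumps above; the decoder is not from the post.
INCORRECT_BIND = bytes.fromhex(
    "30 40 02 01 03 60 3b 02 01 03 04 27 75 69 64 3d"
    "75 73 65 72 2e 32 2c 6f 75 3d 50 65 6f 70 6c 65"
    "2c 64 63 3d 64 69 73 61 6d 63 65 70 2c 64 63 3d"
    "63 6f 6d 80 0d 08 0a 0d 7f 49 4e 43 4f 52 52 45"
    "43 54"
)
CORRECT_BIND = bytes.fromhex(
    "30 37 02 01 03 60 32 02 01 03 04 27 75 69 64 3d"
    "75 73 65 72 2e 32 2c 6f 75 3d 50 65 6f 70 6c 65"
    "2c 64 63 3d 64 69 73 61 6d 63 65 70 2c 64 63 3d"
    "63 6f 6d 80 04 74 65 73 74"
)

def read_tlv(buf, pos):
    """Read one BER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                 # long form: low 7 bits = number of length bytes
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def decode_bind_request(packet):
    """Return message_id, version, dn and raw password of an LDAP simple bind."""
    tag, msg, _ = read_tlv(packet, 0)
    assert tag == 0x30, "LDAPMessage must be a SEQUENCE"
    tag, msg_id, pos = read_tlv(msg, 0)          # INTEGER messageID
    tag, bind, _ = read_tlv(msg, pos)
    assert tag == 0x60, "expected BindRequest [APPLICATION 0]"
    tag, version, pos = read_tlv(bind, 0)        # INTEGER version
    tag, dn, pos = read_tlv(bind, pos)           # OCTET STRING (LDAPDN) name
    tag, cred, _ = read_tlv(bind, pos)
    assert tag == 0x80, "only simple authentication [CONTEXT 0] is handled here"
    return {
        "message_id": int.from_bytes(msg_id, "big"),
        "version": int.from_bytes(version, "big"),
        "dn": dn.decode("utf-8"),
        "password": cred,                        # raw bytes: may hold non-printables
    }

if __name__ == "__main__":
    for pkt in (INCORRECT_BIND, CORRECT_BIND):
        print(decode_bind_request(pkt))
```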