Hi Bellow is my sssd.conf

with bellow setting, user cant login. 
but if i remove ldap_access_filter , then all user can access

What i am doing wrong...     
i just want user from "techops" group to access this server..


any help will be really grateful .

[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP

[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd

[pam]

[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307
ldap_uri = ldap://auth2.xxxxxx.lan/,ldap://auth1.xxxxxxxlan/
ldap_search_base = l=uk,dc=xxxx,dc=lan
ldap_tls_reqcert = demand
cache_credentials = true
enumerate = true
debug_level = 10
ldap_tls_cacertdir = /etc/openldap/xxx/
ldap_tls_cert = /etc/openldap/cacerts/CA-xxx.crt
access_provider = ldap
ldap_access_filter = memberUid=cn=techops,ou=groups,l=uk,dc=xxxx,dc=lan
#entry_cache_timeout = 600
#ldap_network_timeout = 3


and the log i get from secure  file

2013-05-28T22:13:02.782543+01:00 uk-xxxxx-1 sshd[4172]: pam_sss(sshd:auth): received for user mtest: 9 (Authentication service cannot retrieve authentication info)
2013-05-28T22:13:04.597478+01:00 uk-xxxx-1 sshd[4172]: Failed password for mtest from xxx.xx.xx.xx port 52664 ssh2


Thanks