Thank you for your response and I accept your explanation.
Here's why I'm concerned: this particular internal site has SSH client users who will be confused by an apparent successful authentication (password accepted without feedback) followed by an abrupt, uninformative disconnect.
FYI, with the pam_ldap-185-11.el6.x86_64 based configured with the following in /etc/pam_ldap.conf on RHEL 6.4
pam_groupdn cn=GoodUsers,ou=x,ou=y,o=z
and the same sshd package, I get the following when the test group isn't available in the LDAP tree:
[test-client Desktop]$ ssh test-server
You must be a member of cn=GoodUsers,ou=x,ou=y,o=z to login.
Connection closed by 111.222.123.45
[test-client Desktop]$
But when /etc/security/access.conf is configured with precedence in /etc/pam.d/ files, the disconnect is also abrupt like SSS.