We are discussing about PAM used Zentyal server side: say, f.i. you have an application or service relying on server's operating system for authentication. If PAM is not activated on this server, then only "local" users will have access to this service or application while if PAM is used and configured, e.g. to rely on LDAP, accounts managed in LDAP will be able to authenticate and be seen, (from authentication standpoint, as "local like" accounts. Clearer now?