Disable local user PAM, enable root user with LDAP

I am trying to set up a Linux machine with LDAP authentication and root account enabled. There is no issue with the LDAP server and everything works fine. I wanted to disable local users, so I tried editing PAM. I tried using pam-auth-update and unticking the "Unix authentication". Local users are successfully denied, but so is the root account. I am now trying different things at the pam.d files, but it seems I screwed up multiple times and don't know what am I doing. Editing the /etc/pam.d/common-auth file:

auth		sufficient	pam_rootok.so

After I added this line, there is no password prompt and it logs in directly.

auth     pam_succeed_if.so    uid = 0 quiet

I added this line and it does nothing. I am now reading the PAM configuration.  Could anyone help me understand and solve my problem?