Comment 6 for bug 297408

Thanks to Edward for a note concerning the use of whitespace. It is now working for me, as long as there is no space padded around the LDAP group. I.E., ...;%testPAMGroup;... works, but ...; %testPAMGroup;... doesn't.

Testing with "sudo login" then works by default. Usage under "sudo su - mark-test" only works if "auth optional pam_group.so" is added to the top of /etc/pam.d/su (before pam_rootok.so). Similar edits are needed to support SSH logins, etc. (Is there a better place to add this, such as into common-auth - while considering the required placement in su before pam_rootok.so?)