Comment 5 for bug 297408

Mark A. Ziesemer (ziesemer) wrote: Re: pam_group does support NSS groups

I'm having difficulty getting this to work even in a basic case. I built and patched the PAM modules (pam-1.1.1), and copied the resulting pam-1.1.1/modules/pam_group/.libs/pam_group.so to /lib/security. Even after a reboot (if even necessary?), rules in /etc/security/group.conf continue to work as long as they don't reference LDAP groups. However, I can't get LDAP groups to work. I don't see any errors or warnings in /var/log/auth.log. What else can I do to debug?

I'm testing on a VM of Lucid 10.04 beta 2.

Here is a test group and user I set up in OpenLDAP:

dn: cn=testPAMGroup,ou=groups,dc=test,dc=ziesemer,dc=com
cn: testPAMGroup
gidnumber: 2001
memberuid: mark-test
objectclass: posixGroup
objectclass: top

dn: cn=mark-test,ou=people,dc=test,dc=ziesemer,dc=com
cn: mark-test
gidnumber: 2000
givenname: Mark
homedirectory: /home/users/mark-test
loginshell: /bin/sh
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: Ziesemer
uid: mark-test
uidnumber: 10003

Line added to /etc/security/group.conf:

*; *; %testPAMGroup; Al0000-2400; cdrom, audio, video

Test:

$ sudo su - mark-test
No directory, logging in with HOME=/
$ id
uid=10003(mark-test) gid=2000(users) groups=2000(users),2001(testPAMGroup)

Note that the session doesn't have any of the additional groups, e.g. cdrom.

If I replace the line in group.conf with:

*; *; mark-test; Al0000-2400; cdrom, audio, video

$ sudo su - mark-test
No directory, logging in with HOME=/
$ id
uid=10003(mark-test) gid=2000(users) groups=24(cdrom),29(audio),44(video),2000(users),2001(testPAMGroup)
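The two things worth checking in the situation above are whether NSS can resolve the %group named in the rule (with the user listed as a member), and whether the `id` output captured inside the session actually carries the groups the rule grants. The POSIX shell script below is an added example written for this page; it is not part of the bug report or of the pam_group sources. `check_session` is a pure comparison of a group.conf rule against an `id` line, and the two `id` lines in it are constructed from the values quoted in the comment. `check_nss` is a live check that assumes `getent` is available and that the patched module resolves a `%group` through the same NSS path (this is an assumption; the thread's subject says pam_group does support NSS groups, but the lookup route is not confirmed on this page).

```shell
#!/bin/sh
# Added diagnostic (example, not from the bug report or pam_group).
# A group.conf rule has the layout:  services; ttys; users; times; groups

# 5th field of the rule, commas and whitespace normalised to a space list.
grant_list_from_rule() {
    printf '%s\n' "$1" | awk -F';' '{ gsub(/[ \t]/, "", $5); gsub(/,/, " ", $5); print $5 }'
}

# 3rd field of the rule; a leading % marks a group name rather than a user.
user_field_from_rule() {
    printf '%s\n' "$1" | awk -F';' '{ gsub(/[ \t]/, "", $3); print $3 }'
}

# Turn "uid=...(u) gid=...(g) groups=24(cdrom),29(audio)" into "cdrom audio".
names_from_id_output() {
    printf '%s\n' "$1" | sed -n 's/.*groups=//p' | tr ',' ' ' \
        | sed 's/[0-9]*(\([^)]*\))/\1/g'
}

# Print every granted group ($1) that is not among the session's names ($2).
missing_groups() {
    out=""
    for g in $1; do
        found=0
        for h in $2; do
            if [ "$g" = "$h" ]; then found=1; break; fi
        done
        if [ "$found" -eq 0 ]; then out="$out $g"; fi
    done
    printf '%s\n' "${out# }"
}

# Pure check: rule ($1) vs an `id` line ($2) captured inside the session.
# Returns 0 when the rule applied, 1 when some granted group is missing.
check_session() {
    miss=$(missing_groups "$(grant_list_from_rule "$1")" "$(names_from_id_output "$2")")
    if [ -n "$miss" ]; then
        echo "rule not applied; session lacks: $miss"
        return 1
    fi
    echo "rule applied: all granted groups present"
}

# Live check (assumption: %group is resolved through NSS, so getent must
# see it and list the user as a member). Needs getent on the host.
check_nss() {
    field=$(user_field_from_rule "$1")
    case $field in
        %*) grp=${field#%} ;;
        *)  echo "rule names a user directly; nothing to resolve"; return 0 ;;
    esac
    if ! entry=$(getent group "$grp"); then
        echo "NSS cannot resolve group '$grp' (nsswitch.conf / nss_ldap?)"
        return 2
    fi
    if ! printf '%s\n' "$entry" | awk -F: '{ print $4 }' | tr ',' '\n' | grep -qx "$2"; then
        echo "'$2' is not a member of '$grp' as NSS reports it: $entry"
        return 2
    fi
    echo "NSS resolves '$grp' with '$2' as member"
}

RULE='*; *; %testPAMGroup; Al0000-2400; cdrom, audio, video'
# Constructed from the two `id` results quoted in the comment.
ID_BEFORE='uid=10003(mark-test) gid=2000(users) groups=2000(users),2001(testPAMGroup)'
ID_AFTER='uid=10003(mark-test) gid=2000(users) groups=24(cdrom),29(audio),44(video),2000(users),2001(testPAMGroup)'

check_session "$RULE" "$ID_BEFORE" || true   # reports cdrom audio video missing
check_session "$RULE" "$ID_AFTER"
if [ $# -eq 1 ]; then check_nss "$RULE" "$1"; fi   # live: sh check.sh mark-test
```

Run it with no arguments to see the session comparison on the quoted data, or with a user name (for example `sh check.sh mark-test`) on the affected host to run the NSS check. The session comparison must use an `id` line taken from inside the `su -` session, because pam_group changes the credentials of that session only; `id -nG mark-test` run from outside reports what NSS knows, not what pam_group granted.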