Description of problem:
When locking the screen with gnome-screensaver, followed by an unlock, the authentication attempt does not get logged if it's an LDAP user (a unix system user gets audited correctly). Now, when I initially login, using gdm, both LDAP and unix users get audited correctly, because I am assuming gdm does the actual auditing. In the case of gnome-screensaver, since it runs with the permissions of the user doing the lock and not root, it doesn't have permission to audit. In that case it relies on the individual pam modules to perform the auditing as is the case with pam_unix. pam_unix runs unix_chkpwd which has a setuid bit, which does the actual auditing if the uid is not 0. I was wondering if it makes sense to do something similar with pam_ldap, since I think it is important for screen unlocks to be properly audited. Maybe there needs to be an actual change to gnome-screensaver instead, since I am sure there are other pam modules with similar issues.

Version-Release number of selected component (if applicable):
gnome-screensaver - 2.28.3

How reproducible:
Reproducible every time

Steps to Reproduce:
1. Login with a user that gets authenticated through pam_unix
2. Lock the screen with gnome-screensaver
3. Enter password/unlock the screen
4. Check audit logs, see USER_AUTH message appears
5. Logout with unix user/login with a user that gets authenticated through pam_ldap
6. Lock the screen with gnome-screensaver
7. Enter password/unlock the screen
8. Check audit logs, no messages related to the unlock appear

Actual results:
No audit messages generated

Expected results:
A USER_AUTH audit message with a success/failure, similar to when unlocking with a unix user

Additional info:
Set as high, because security related