ajanis / ansible-openldap


Adding UsePAM yes to wrong area in sshd_config #4

Open Teagan42 opened 3 years ago

Teagan42 commented 3 years ago

https://github.com/ajanis/ansible-openldap/blob/4ecc4a36562639197a78e55868285d0a4d090acc/tasks/ldap_autofs_install.yml#L35

It caused both lines 72 (correct place) and 109 (incorrect place) to read "UsePAM yes".

Line 72 is within the block:

 62 # Set this to 'yes' to enable PAM authentication, account processing,
 63 # and session processing. If this is enabled, PAM authentication will
 64 # be allowed through the ChallengeResponseAuthentication and
 65 # PasswordAuthentication.  Depending on your PAM configuration,
 66 # PAM authentication via ChallengeResponseAuthentication may bypass
 67 # the setting of "PermitRootLogin without-password".
 68 # If you just want the PAM account and session checks to run without
 69 # PAM authentication, then enable this but set PasswordAuthentication
 70 # and ChallengeResponseAuthentication to 'no'.
 71
 72 UsePAM yes
 73
 74 AllowAgentForwarding yes
 75 #AllowTcpForwarding yes
 76 X11Forwarding yes
 77 #X11DisplayOffset 10
 78 #X11UseLocalhost yes
 79 #PermitTTY yes

Line 109 is within a "match block" (illegal option for match block):

 98 # Allow client to pass locale environment variables
 99 AcceptEnv LANG LC_*
100
101 # override default of no subsystems
102 Subsystem sftp  /usr/lib/openssh/sftp-server
103
104 Match user virsh
105     X11Forwarding no
106     AllowTcpForwarding no
107     PermitTTY no
108     ForceCommand nc -q 0 -U /var/run/libvirt/libvirt-sock
109 UsePAM yes
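
A check for the misplacement described in this issue, as an added example that is not part of the original report or the role's own code: it flags global-only directives that land after a `Match` line and moves the setting back into the global section. The `GLOBAL_ONLY` set, the function names and the sample text are assumptions constructed for illustration.

```python
import re

# Assumption: a small subset of keywords that sshd_config(5) does not permit
# inside a Match block; extend it from the man page of the OpenSSH in use.
GLOBAL_ONLY = {"usepam", "port", "listenaddress", "hostkey"}

# Constructed sample mirroring the shape of the file quoted in the issue.
SAMPLE = """\
UsePAM yes
AllowAgentForwarding yes

Match user virsh
    X11Forwarding no
    AllowTcpForwarding no
    PermitTTY no
    ForceCommand nc -q 0 -U /var/run/libvirt/libvirt-sock
UsePAM yes
"""

def keyword(line):
    """Return the lower-cased directive name, or None for blanks/comments."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    return re.split(r"[\s=]+", stripped, maxsplit=1)[0].lower()

def misplaced(text):
    """List (line_no, line) for global-only directives found after a Match line."""
    hits, in_match = [], False
    for no, line in enumerate(text.splitlines(), 1):
        kw = keyword(line)
        if kw == "match":
            in_match = True  # a Match block runs to the next Match or EOF
        elif in_match and kw in GLOBAL_ONLY:
            hits.append((no, line.strip()))  # indentation does not end the block
    return hits

def ensure_global(text, directive):
    """Drop copies of `directive` inside Match blocks; add it above the first
    Match line only when the global section does not already set it."""
    want = keyword(directive)
    bad = {no for no, line in misplaced(text) if keyword(line) == want}
    lines = [l for no, l in enumerate(text.splitlines(), 1) if no not in bad]
    first = next((i for i, l in enumerate(lines) if keyword(l) == "match"), len(lines))
    if not any(keyword(l) == want for l in lines[:first]):
        lines[first:first] = [directive, ""]
    return "\n".join(lines) + "\n"
```

Run `misplaced()` against a copy of the managed file before the service is restarted, and validate the result with `sshd -t`.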