The PAM user mapping plugin doesn't currently seem to log any information to /var/log/secure. It would probably be helpful if the plugin had some way to enable verbose logging during testing, so that it would be easier to debug configuration problems.
I expect the best way to implement this would be to create one or more module arguments for the plugin that controls logging. PAM module arguments are explained here:
For example, maybe a configuration like this could enable very verbose debugging logging to /var/log/secure:
Or if we wanted the ability to specify a specific log, maybe we could do something like this:
But these are just suggestions.