From the file:
n22 ~ # cat /etc/ldap.conf.sudo
# See ldap.conf(5) and README.LDAP for details\n"
# This file should only be readable by root\n\n"
But the group read bit is set too:
n22 ~ # ll /etc/ldap.conf.sudo
-r--r----- 1 root root 274 Jan 15 15:55 /etc/ldap.conf.sudo
... the "root" group bit you mean. No one should be in the "root" group.
Well, from the comment I'd expect that "root:root" had to be mentioned instead then.
OTOH I do not have much experience with removing that permission bit in the wild, but I thought it was worth pointing out.
4 years old ...
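
An added example, not part of the thread above: one way to check whether a file meant to be readable by a single account also grants group or other access, and which accounts the owning group actually contains. The function names and the `expected_uid` parameter are assumptions made for this illustration.

```python
import grp
import os
import pwd
import stat


def owner_name(uid):
    """Account name for a uid, or the numeric uid if it has no passwd entry."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def group_members(gid):
    """Accounts in the group: supplementary members plus users whose primary gid it is."""
    names = set()
    try:
        names.update(grp.getgrgid(gid).gr_mem)
    except KeyError:
        pass  # gid has no entry in the group database
    names.update(u.pw_name for u in pwd.getpwall() if u.pw_gid == gid)
    return names


def audit_owner_only(path, expected_uid=0):
    """Return findings for a file that should be accessible to one user only."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"owner uid is {st.st_uid}, expected {expected_uid}")
    if mode & stat.S_IRWXO:
        findings.append(f"mode {mode:04o} grants access to others")
    if mode & stat.S_IRWXG:
        # The group bits matter as much as the group has members besides the owner.
        members = group_members(st.st_gid) - {owner_name(st.st_uid)}
        who = ", ".join(sorted(members)) or "no other accounts at present"
        findings.append(f"mode {mode:04o} grants access to gid {st.st_gid} ({who})")
    return findings


if __name__ == "__main__":
    import sys
    for finding in audit_owner_only(sys.argv[1]):
        print(finding)
```

For a file with mode 0440 and owner root:root, this reports the group bits and lists any account other than root that belongs to gid 0; mode 0400 produces no finding.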