Hey there, running slapd on CentOS 6.3 over StartTLS. Works great, users can log in to their LDAP accounts through terminal and through the GUI. Awesome.
Next thing I was asked to do was to restrict certain users/groups to be able to access certain services.
For example:
I want anyone in the IT group to be able to SSH to any of our servers.
I want anyone in the Agents group to be denied access to SSH anywhere.
And another example,
I want everyone in the ServiceDesk group to be able to access any FTP server but nobody else.
I have been following this guide for SSH:
http://www.cyberciti.biz/tips/linux-...hd-server.html
No matter what, I am always able to log in with those users.
Am I possibly not reading the right information? Is this even possible?
Is there maybe a way I can do this by hosts?
For example: anyone in the Agents group cannot connect to 192.168.5.5 on port 22? Or better yet, anyone in the Agents group cannot connect to 192.168.5.0/24 port 22?
192.168.5.0 is our server network. Agents rest on the 192.168.2.0 (office network). We can create firewall rules to deny access from office -> server, but when my lead requested this from me I assumed he was looking for something more than just firewall rules.
Anyone else able to help out with this?