Hey there, running Slapd on Centos 6.3 over Start_tls. Works great, users can login to their ldap accounts through terminal and through the GUI. Awesome. Next thing I was asked to do was to restrict certain users/groups to be able to access certain services. For example: I want anyone in the IT group to be able to SSH to any of our servers. I want anyone in the Agents group to be denied access to SSH anywhere. And another example, I want everyone in the ServiceDesk group to be able to access any FTP server but nobody else. I have been following this guide for SSH: http://www.cyberciti.biz/tips/linux...allows-or-deny-login-via-the-sshd-server.html No matter what, I am always able to login with those users. Am I possibly not reading the right information? Is this even possible? Is there maybe a way I can do this by hosts? For example: Anyone in the agents group cannot connect to 192.168.5.5 on port 22? or better yet Anyone in the Agent's group cannot connect to 192.168.5.0/24 port 22 ? 192.168.5.0 is our server network. Agents rest on the 192.168.2.0 (office network). We can create firewall rules to deny access from office -> server, but when my lead requested this from me I assumed he was looking for something more than just firewall rules. Anyone else able to help out with this?