I have implemented LDAP on CentOS successfully using Redhat's Directory Server and the great how-to on the CentOS wiki. Being new to LDAP, I have a question and maybe one of you guys can point me in the right direction: I have LDAP implemented on the network for logins to the workstation pcs. I also have an apache website that I now use LDAP for authentication. What I want, however, is to be able to allow a group of users to authenticate to the apache website, but not be able to login to any of the systems directly nor via ssh. Any suggestions or pointers in the right direction on where to read up on how to accomplish this specific task would be much appreciated. Thanks, Giovanni