Hello All:
   I am in the process of migrating from OpenLDAP to Fedora Directory Server. Actually most of my testing has been with the RH/CentOS spins, but it appears to be very similar.

  So far I've gotten the main things working:
1) Host based access via AuthorizedHost
2) Service based access via AuthorizedService
3) AIX/Linux <-> LDAP
4) PosixGroup support
 
  The one thing I would like is to have group based host access control. E.g., I would like to define a new LDAP group (say, DBA-Production) that includes a bunch of host entries. When needed, I could add a user to the DBA-Production group and automatically give him/her access to the list of defined hosts. Anyone have suggestions on how to approach this?

Thanks,
Kwan