>We have currently about 500 users in our OpenLDAP Directory, and a lot >of groups. Is there any possibility to allow only one or some groups >access to a server per ssh/shell/...? Yes, you want to look at pam_listfile, but that has nothing to do with OpenLDAP. pam_ldap may do this natively as well, but thats a question for the nis-ldap list over at PADL, again, not specific to OpenLDAP.