I wanted to enable server (RH, SUSE, Solaris, HPUX) authentication and authorization through IBM Tivoli Directory Server. Currently I am testing it for Red Hat Enterprise Edition 9.0 authentication. By running the utility called authconfig, I achieved the authentication.

Now, when a user tries to log into the server, before logging in, I want to check whether he is authorized to log into that server.

But it has some limitations on the part of LDAP:
This LDAP is being used by different applications, so I cannot create the same user under different branches. (Earlier I thought to create different branches for different servers, add users into the respective branches, and give the respective base DNs to the servers accordingly.) So there is only 1 entry present for a particular user in LDAP. Can I add an authorized server list to each user's entry and configure PAM to use that attribute?