I did follow the HowTo: Netgroups and was able to get that working. But my question is whether I can just use ldap groups with access.conf? If I have to use netgroups, do you have a mechanism to add the host/user entries to nisNetgroupTriple in a semi-automated way other than just do ldapmodify f <filename>?