Fedora directory users - Dec 2005 - Host Access Based on Group Membership

I''ve been searching everywhere for the past week and haven''t
found a
solution.  I would like to be able to assign access to servers based
upon membership to a group or role.  For example, if I create a
group/role called "Web Servers", everyone in that group can access all
the web servers.  Everyone in the group/role "Database Servers" would
be
allowed to log into the database servers.  Users can be part of multiple
groups.
 
There has to be a way to do this already.  All the clients are running
OpenLDAP and can already authenticate to the Directory Server.  To
implement this solution, would I have to change ldap.conf or
system-auth?
 
Thanks,
Jason