Allowing/Denying login by group
We are using an LDAP database to store user and group accounts. Currently any user in the database can login to any server. We have one server that hosts sensitive data and only certain users should be able to access it. I would like to create a group in LDAP, and allow only members of that group, login privileges to that server. I tried using /etc/login.access to achieve this, but even with the only line "-:ALL:ALL", anyone in LDAP can successfully login to the system. Any suggestions?