Hi stefano,
I am trying to do similar what you have already done. I use AD for user authentication and trying to authorize users via our openldap based on group id (gid), I want to allow uses if they are exist in our LDAP from gid let say (600-700), if they are not in this range reject them with message "user doe not exist in LDAP". Do you have any suggestion or example ?