Charles wrote: > I'd love to know how you will acheive this . I need to do the same Configure the LDAP module. Use LDAP-Group checking. authorize { ... if (LDAP-Group != "foo") { reject } ... }