LDAP server set up question

I am not an LDAP expert, so I need help setting up the LDAP server. I have a single LDAP server running RHEL 6.5. The machines that need to use this LDAP server for authentication can be classified into the following groups -

                  Org 1 - Cluster 1 (m/c 1, m/c 2, m/c 3, m/c 4) , Cluster 2 (m/c 5, m/c 6, m/c 7), m/c 8
                  Org 2 - Cluster 3 (m/c 9, m/c 10, m/c 11, m/c 12) , Cluster 4 (m/c 13, m/c 14, m/c 15), m/c 16
                  Org 3 - Cluster 5 (m/c 17, m/c 18, m/c 19, m/c 20)

A few more details on this setup -
Org 1, Org 2 and Org 3 are considered to be separate groups of companies or departments.
Org 1, Org 2 and Org 3 may share the same users (I don't mind if the users are stored as two different users in LDAP under different orgs).
Each m/c in the above configuration runs RHEL 6.5.
And when I say a cluster of machines, e.g. m/c 1, m/c 2, m/c 3 and m/c 4, consider this as a single app such as Hadoop or Pentaho, so if a user is granted access to this cluster then the user should have access to all four machines.
Apart from the clusters of machines, the setup will also contain individual machines like m/c 8 and m/c 16.
The level of access that needs to be controlled is at an Org -> Cluster level. For example, let's say user 1 belongs to Org 1; if he is granted access to Cluster 1, then that person should only be able to log in to m/c 1, m/c 2, m/c 3 and m/c 4. Machines 5 - 8 should remain inaccessible to user 1.

What is the best practice to implement such a setup? I have to keep all the authentication in one LDAP server.
chavi1011 Asked:
gheist Commented:
What is m/c in your text? I see no explanation of it.

Using RHEL 6.5 will be expensive as you need an EUS subscription, not the normal one.
chavi1011 Author Commented:
m/c (machine) stands for a RHEL 6.5 Linux machine. I am not worried about the cost as well.
gheist Commented:

chavi1011 Author Commented:
Thanks. The guide has all the details.
gheist Commented:
It is a bit lengthy, but still much better than sticking PAM manuals together.
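
One possible layout for the Org -> Cluster requirement described in the question, as an added example that is not part of the original thread and not taken from the guide mentioned in it: each org gets its own subtree, each cluster gets a POSIX group, and every host limits logins to its own cluster's group through SSSD. The suffix dc=example,dc=com, the host name ldap.example.com, the domain name org1, the group names and all numeric IDs are assumptions.

```ldif
# Constructed sample data: suffix, group names and IDs are placeholders.
dn: ou=org1,dc=example,dc=com
objectClass: organizationalUnit
ou: org1

dn: ou=people,ou=org1,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,ou=org1,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

# user 1 exists only under Org 1; a person shared with Org 2 gets a second entry under ou=org2.
dn: uid=user1,ou=people,ou=org1,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: User One
sn: One
uid: user1
uidNumber: 10001
gidNumber: 20001
homeDirectory: /home/user1

# One POSIX group per cluster (and one per standalone machine such as m/c 8).
dn: cn=org1-cluster1,ou=groups,ou=org1,dc=example,dc=com
objectClass: posixGroup
cn: org1-cluster1
gidNumber: 20001
memberUid: user1

dn: cn=org1-cluster2,ou=groups,ou=org1,dc=example,dc=com
objectClass: posixGroup
cn: org1-cluster2
gidNumber: 20002

# /etc/sssd/sssd.conf on m/c 1-4 (Cluster 1), domain section only:
#   [domain/org1]
#   id_provider = ldap
#   auth_provider = ldap
#   ldap_uri = ldap://ldap.example.com
#   ldap_id_use_start_tls = true
#   ldap_search_base = ou=org1,dc=example,dc=com
#   access_provider = simple
#   simple_allow_groups = org1-cluster1
# m/c 5-7 use the same section with simple_allow_groups = org1-cluster2,
# so user1 still resolves there but is denied at the PAM account phase.
```

The search base keeps accounts from other orgs invisible to Org 1 hosts, while the allowed group decides which cluster within the org a user can log in to.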