OpenLDAP and host acl

[Luca Gervasi]

Hello,

i'm deploying openldap as authentication method (pam_ldap) for a large number of hosts. 

I created a single "complex" tree like "dc=Users,dc=example,dc=net" and "dc=Hosts,dc=example,dc=net", containing various user classes and hosts.

I want that a user (cn=user1,dc=Users,dc=example,dc=net) can login to "cn=Host1,dc=Hosts,dc=example,dc=net" but not on "cn=Host2,dc=Hosts,dc=example,dc=net".

Please note that there is no 1:1 relation between users and hosts, it's more like an N:N. 

How can i achieve such result?

Thanks very much!

Luca