??? What arew you all talking about?
Just give all executables a 770 permission and create a group per software/software class. Then, add all allowed users to said groups (this is the part LDAP _can_ help). Rhat's all ...
Cheers, Ralf Mattes
P.S.: what happened to the good ol' unix culture? ;-)