Is it possible to set up Linux (and Solaris) SSH server to authenticate users in this way:

i.e. user john is a member of the group Project1_Developers in the Active Directory.

we have something on the server A (running Linux, the server has an access to the AD via i.e. LDAP) in the SSH server LDAP (or other module) authentication config like root=Project1_Developers,Company_NIX_Admins.

when john connects to the server A using his username "john" and domain password, the server checks the john's group in the domain and if the group is "Project1_Developers" or "Company_NIX_Admins", makes him locally as a root with a root privileges.

The idea is also to have only a "root" and a system users on the server, without adding user "john" to all servers where John can log in.

Any help or the idea how to make the above or something similar to the above? Preferred using AD but any other similar solution is also possible.

p.s. please don't open a discussions is it secure to login via ssh as root or not, thanks :)