Group Management with the Nodinite LDAP Web API
Comprehensive group management operations for LDAP directories using the Nodinite LDAP Web API. This page covers all 9 group-specific operations with detailed XML examples.
✅ CRUD Operations: Select, Create, Update, Delete groups
✅ Organization: Rename and Move groups between OUs
✅ Membership Management: Add, Remove, and Select members
✅ Batch Support: Process multiple groups in single operations
✅ Flexible Queries: Use searchFilter for precise group targeting
Overview
Group operations are available in the Operations section of the Group record within the request message. All operations utilize the With record to define search criteria and scope.
The group-related operations are structured in the request schema under the Group entity type.
Operations Summary
| Operation | Description | Multiple Records |
|---|---|---|
| Select | Retrieve group records from LDAP | ✅ Yes |
| Create | Create new group with properties | ❌ No |
| Update | Update existing group properties | ✅ Yes |
| Delete | Delete group records | ✅ Yes |
| Rename | Rename group (CN part) | ❌ No |
| MoveTo | Move groups to different OU | ✅ Yes |
| Add | Add member(s) to group(s) | ✅ Yes |
| Remove | Remove member(s) from group(s) | ✅ Yes |
| SelectMembers | Retrieve group membership details | ✅ Yes |
Select
The Select operation retrieves group objects from the LDAP catalog using the search criteria provided in the With record.
Example: Select all groups in an OU
<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
<Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" returnReponseMessageOnExceptions="true">
<Batch guid="3B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8E">
<Group>
<With OU="Old hackers" DC="DC=ibiz,DC=local" searchScope="Subtree"
returnProperties="name,description" />
<Operations>
<Select/>
</Operations>
</Group>
</Batch>
</Batches>
</ns0:LDAP>
💡 Tip: Use additional filters via the
searchFilterattribute (see Request Schema) to refine your query.
Create
The Create operation creates a new group within an OU found using the With record search criteria.
Attributes
name (required)
The common name (CN part) of the group to be created.
allowUpdateIfExists (optional)
Allow the group to be updated with the properties collection content if the group already exists. When false (default), the create operation will fail if the group already exists.
Properties Element
The name-value pair collection with attributes for the group object to be set by the operation.
Example: Create a new group with description
<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
<Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" returnReponseMessageOnExceptions="true">
<Batch guid="3B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8E">
<Group>
<With OU="OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Base"/>
<Operations>
<Create name="LDAP Adapter Users">
<Properties>
<Property name="description" value="Mighty People."/>
</Properties>
</Create>
</Operations>
</Group>
</Batch>
</Batches>
</ns0:LDAP>
The response shows the OU found and the group created within this OU.
Update
The Update operation modifies existing group properties for one or multiple groups returned by the query.
Properties Element
The attributes to be updated are provided in the name-value properties collection.
Example: Update group description
<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
<Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" returnReponseMessageOnExceptions="true">
<Batch transactionScopeOption="Required" continueOnError="false"
guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">
<Group>
<With CN="CN=LDAP Adapter Users" OU="OU=Old hackers" DC="DC=ibiz,DC=local"
searchScope="Base" expectedMatchCount="1"/>
<Operations>
<Update>
<Properties>
<Property name="description" value="Secret society."/>
</Properties>
</Update>
</Operations>
</Group>
</Batch>
</Batches>
</ns0:LDAP>
📌 Note: The response shows data before and after the operation.
Delete
The Delete operation removes group(s) returned by the With query part.
⚠️ Warning: The LDAP adapter will automatically remove child objects in the correct order. This may break expected behavior - always use
expectedMatchCountto ensure the adapter behaves as you expect.
Example: Delete a specific group
<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
<Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" returnReponseMessageOnExceptions="true">
<Batch guid="3B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8E">
<Group>
<With CN="CN=LDAP Adapter Users" OU="OU=Old hackers" DC="DC=ibiz,DC=local"
searchScope="Base" expectedMatchCount="1"/>
<Operations>
<Delete/>
</Operations>
</Group>
</Batch>
</Batches>
</ns0:LDAP>
The response SearchResult displays the group found for deletion, and the operation result confirms deletion.
Rename
The Rename operation changes the name (CN part) of a group. This operation requires exactly one group in the search results.
Attributes
name (required)
The new name for the group object.
⚠️ Warning: Multiple records found will raise an exception. Make sure to limit your search query to exactly 1 group.
Example: Rename a group
<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
<Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" returnReponseMessageOnExceptions="true">
<Batch guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">
<Group>
<With CN="CN=LDAP Adapter Users" OU="OU=Old hackers" DC="DC=ibiz,DC=local"
searchScope="Base" expectedMatchCount="1" returnProperties="name,description,whenChanged"/>
<Operations>
<Rename name="Users of the LDAP Adapter"/>
</Operations>
</Group>
</Batch>
</Batches>
</ns0:LDAP>
MoveTo
The MoveTo operation moves groups found by the With search criteria to the destination OU specified in the operation arguments.
Attributes
DC (required)
Domain Component for the destination.
OU (required)
Organizational Unit path for the destination.
CN (optional)
Common Name for the destination.
✅ Feature: Multiple records are supported in a single request.
Example: Move a group to another OU
<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
<Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">
<Batch guid="3B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8E">
<Group>
<With CN="CN=LDAP Adapter Users" OU="OU=Old hackers" DC="DC=ibiz,DC=local"
searchScope="Subtree"/>
<Operations>
<MoveTo OU="OU=3l1t hackers,OU=Old hackers" DC="DC=ibiz,DC=local"/>
</Operations>
</Group>
</Batch>
</Batches>
</ns0:LDAP>
Add
The Add operation adds member(s) to group(s). If the member already belongs to the group, the operation is skipped.
Member Element
You must specify which member(s) to add using the Member record.
CN (optional)
Common name of the member to be added.
OU (optional)
OU part of the member to be added.
DC (required)
Domain component part.
Example: Add a user to all groups starting with "LDAP"
<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
<Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" returnReponseMessageOnExceptions="true">
<Batch guid="3B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8E">
<Group>
<With OU="OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Subtree"
expectedMatchCount="*" searchFilter="(name=LDAP*)"/>
<Operations>
<Add>
<Member CN="CN=Jane Doe" OU="OU=Old hackers" DC="DC=ibiz,DC=local" />
</Add>
</Operations>
</Group>
</Batch>
</Batches>
</ns0:LDAP>
Remove
The Remove operation removes member(s) from group(s). If the member is not part of the group, the operation is skipped.
Member Element
You must specify which member(s) to remove using the Member record.
CN (optional)
Common name of the member to be removed.
OU (optional)
OU part of the member to be removed.
DC (required)
Domain component part.
Example: Remove a user from all groups starting with "LDAP"
<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
<Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" returnReponseMessageOnExceptions="true">
<Batch guid="3B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8E">
<Group>
<With OU="OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Subtree"
expectedMatchCount="*" searchFilter="(name=LDAP*)"/>
<Operations>
<Remove>
<Member CN="CN=Jane Doe10" OU="OU=Old hackers" DC="DC=ibiz,DC=local" />
</Remove>
</Operations>
</Group>
</Batch>
</Batches>
</ns0:LDAP>
SelectMembers
The SelectMembers operation retrieves information about members in groups found by the query.
Example: Get members of all groups in an OU
<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
<Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" returnReponseMessageOnExceptions="true">
<Batch guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">
<Group>
<With OU="OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Subtree"
returnProperties="name, description" />
<Operations>
<SelectMembers/>
</Operations>
</Group>
</Batch>
</Batches>
</ns0:LDAP>
💡 Tip: Use the
searchFilterattribute (see Request Schema) to customize your query.
📌 Note: Members, if any, are listed per group in the
SearchResultrecord. Groups can contain both users and other groups as members.
Next Step
- Review the Request Schema for complete message structure
- Explore the Response Schema for understanding operation results
- Learn about User Management operations
- Check Logging for troubleshooting and auditing