User Management with the Nodinite LDAP Web API

Comprehensive user management operations for LDAP directories using the Nodinite LDAP Web API. This page covers all 16 user-specific operations with detailed XML examples.

CRUD Operations: Select, Create, Update, Delete users
Account Management: Enable, Disable, Rename, Move users
Group Operations: GetGroupMembership, AddToGroups, RemoveFromGroups
Advanced Queries: SelectActive, SelectDisabled, SelectByDate
Batch Support: Process multiple users in single operations

Overview

User operations are available in the Operations section of the User record within the request message. All operations utilize the With record to define search criteria and scope.

The user-related operations are structured in the request schema under the User entity type.


Operations Summary

| Operation | Description | Multiple Records |
|---|---|---|
| Select | Retrieve user records from LDAP | ✅ Yes |
| Create | Create new user with properties and password | ❌ No |
| Update | Update existing user properties | ✅ Yes |
| Delete | Delete user records | ✅ Yes |
| Rename | Rename user (CN part) | ❌ No |
| MoveTo | Move users to different OU | ✅ Yes |
| GetGroupMembership | Retrieve group memberships | ✅ Yes |
| AddToGroups | Add users to one or more groups | ✅ Yes |
| RemoveFromGroups | Remove users from groups | ✅ Yes |
| SelectActive | Get all active (enabled) users | ✅ Yes |
| SelectDisabled | Get all disabled users | ✅ Yes |
| Enable | Enable disabled user accounts | ✅ Yes |
| Disable | Disable active user accounts | ✅ Yes |
| SelectByDate | Query users by date property | ✅ Yes |
| Recover | ⚠️ Not implemented in v1.0 | ❌ No |
| SelectDeleted | ⚠️ Not implemented in v1.0 | ❌ No |

Select

The Select operation retrieves user records from the LDAP catalog using the search criteria provided in the With record.

Example: Select users by CN

<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" returnReponseMessageOnExceptions="true">          
    <Batch guid="3B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8E">
      <User>
        <With CN="CN=Michael Olsson" OU="OU=Users,OU=Karlstad" DC="DC=ibiz,DC=local"/>
        <Operations>          
          <Select/>
        </Operations>
      </User>
    </Batch>
  </Batches>
</ns0:LDAP>

💡 Tip: Use the returnProperties attribute (see Request Schema) to limit the number of properties returned from the query.


Create

The Create operation creates a new user within an OU found using the With record search criteria.

Attributes

name (required)
The common name (CN part) of the user to be created.

flags / removeflags (optional)
User account control flags as described in MSDN: User-Account-Control Attribute.
Combine multiple flags with commas (no whitespace): ADS_UF_LOCKOUT,ADS_UF_PASSWD_NOTREQD

⚠️ Warning: Not all flag combinations are valid!

Password Element

The Password element is optional in the schema but may be required depending on your LDAP catalog policies.

📌 Note:

  • Special connection settings and user rights may be needed for password operations (see configuration chapter)
  • Passwords must meet complexity, length, and policy requirements of the target LDAP catalog
  • Operation will fail if password requirements are not met

Example: Create user with password and properties

<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="B7A211D7-20F3-44BC-B078-7F1B6E1C047F" returnReponseMessageOnExceptions="true">
    <Batch guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" continueOnError="false">
      <User>
        <With OU="OU=Old Hackers" DC="DC=ibiz,DC=local" searchScope="Base"
              expectedMatchCount="1" returnProperties="name,description" />
        <Operations>
          <Create name="Jane Doe13">
            <Password>Password_0!%¤"#¤</Password>
            <Properties>
              <Property name="description" value="Description set from LDAP Adapter from Integration Software." contentType="String"/>
            </Properties>
          </Create>
        </Operations>
      </User>
    </Batch>
  </Batches>
</ns0:LDAP>

💡 Tip: Create operation supports special handling of thumbnailPhoto and jpegPhoto attributes (see Properties section).
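A pre-send check for Create requests, as an added example (not Nodinite code): it parses a request in the format shown above and reports account-weakening `flags` values, whitespace in the flag list, and inline `Password` elements. The sample request and the choice of which ADS_UF_* flags to report are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# userAccountControl flag names (ADS_USER_FLAG_ENUM) that weaken an account.
RISKY_FLAGS = {
    "ADS_UF_PASSWD_NOTREQD": "no password is required",
    "ADS_UF_DONT_EXPIRE_PASSWD": "password never expires",
    "ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED": "password stored with reversible encryption",
    "ADS_UF_DONT_REQUIRE_PREAUTH": "Kerberos pre-authentication disabled",
    "ADS_UF_TRUSTED_FOR_DELEGATION": "trusted for unconstrained delegation",
}

# Constructed sample request, modelled on the Create example above.
SAMPLE = """<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="B7A211D7-20F3-44BC-B078-7F1B6E1C047F">
    <Batch guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">
      <User>
        <With OU="OU=Old Hackers" DC="DC=ibiz,DC=local" searchScope="Base"/>
        <Operations>
          <Create name="Svc Account" flags="ADS_UF_NORMAL_ACCOUNT, ADS_UF_PASSWD_NOTREQD"/>
          <Create name="Jane Doe14" flags="ADS_UF_NORMAL_ACCOUNT">
            <Password>constructed-sample-value</Password>
          </Create>
        </Operations>
      </User>
    </Batch>
  </Batches>
</ns0:LDAP>"""

def lint_create_flags(request_xml):
    """Return (user name, finding) pairs for every Create in the request."""
    findings = []
    for create in ET.fromstring(request_xml).iter("Create"):
        name = create.get("name", "<missing name>")
        raw = create.get("flags", "")
        if any(ch.isspace() for ch in raw):
            findings.append((name, "flags contains whitespace"))
        for flag in filter(None, (f.strip() for f in raw.split(","))):
            if flag in RISKY_FLAGS:
                findings.append((name, f"{flag}: {RISKY_FLAGS[flag]}"))
        if create.find("Password") is not None:
            findings.append((name, "inline Password: keep this message out of logs"))
    return findings

if __name__ == "__main__":
    for name, finding in lint_create_flags(SAMPLE):
        print(f"{name}: {finding}")
```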


Update

The Update operation modifies existing user records. It is structurally similar to Create, but it supports updating multiple records in one operation.

Key Features

Multiple Records: Update all users matching search criteria
Multi-valued Attributes: Set multiple values for attributes like url
Multiple Operations: Chain operations (later operations can overwrite earlier ones)
Blank Attributes: Remove attribute values by setting empty string

Example: Update multiple users with multi-valued attributes

<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" returnReponseMessageOnExceptions="true">
    <Batch guid="3B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8E">
      <User>
        <With OU="OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Subtree"
              searchFilter="(name=j*)"/>
        <Operations>
          <Update>
            <Properties>
              <Property name="url" value="http://www.example1.com" contentType="String"/>
              <Property name="url" value="http://www.example2.com" contentType="String"/>
              <Property name="description" value="First description" contentType="String"/>
            </Properties>
          </Update>
          <Update>
            <Properties>
              <Property name="description" value="Second description overwrites first" contentType="String"/>
              <Property name="mail" value="" contentType="String"/>
            </Properties>
          </Update>
        </Operations>
      </User>
    </Batch>
  </Batches>
</ns0:LDAP>

📌 Note: Setting an attribute to blank (value="") removes all values for multi-valued attributes.


Delete

The Delete operation removes one or more users from the LDAP catalog based on the With record search criteria.

Example: Delete user by CN

<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" returnReponseMessageOnExceptions="true">
    <Batch guid="3B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8E">
      <User>
        <With CN="CN=Jane Doe9" OU="OU=Old Hackers" DC="DC=ibiz,DC=local" searchScope="Subtree"
              expectedMatchCount="1" returnProperties="name,description"/>
        <Operations>
          <Delete/>
        </Operations>
      </User>
    </Batch>
  </Batches>
</ns0:LDAP>

The response SearchResults record shows users found for deletion, and OperationResult displays users that were actually deleted.


Rename

The Rename operation changes the name (CN part) of a user. The target name must not already exist, or the operation will fail.

Attributes

name (required)
The new name for the user object. Since only one object can have this unique name, this operation only works with single-record searches.

Example: Rename user from John Doe to Jane Doe

<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" returnReponseMessageOnExceptions="true">
    <Batch guid="3B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8E">
      <User>
        <With CN="CN=John Doe" OU="OU=Old Hackers" DC="DC=ibiz,DC=local" searchScope="Subtree"
              expectedMatchCount="1" returnProperties="name,description"/>
        <Operations>
          <Rename name="Jane Doe"/>          
        </Operations>
      </User>
    </Batch>
  </Batches>
</ns0:LDAP>

MoveTo

The MoveTo operation moves users found by the With search criteria to the destination OU specified in the operation arguments.

Attributes

DC (required)
Domain Component for the destination.

OU (required)
Organizational Unit path for the destination.

CN (optional)
Common Name for the destination (rarely used for user moves).

Example: Move all users from one OU to another

<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">          
    <Batch transactionScopeOption="Required" continueOnError="false"
           guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">
      <User>
        <With OU="OU=3l1t hackers,OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Subtree"
              searchFilter="(objectClass=user)(name=j*)"/>
        <Operations>
          <MoveTo OU="OU=Old hackers" DC="DC=ibiz,DC=local"/>
        </Operations>
      </User>
    </Batch>
  </Batches>
</ns0:LDAP>

The response OperationResult shows the destination OU and count of users moved.


GetGroupMembership

The GetGroupMembership operation retrieves the distinguishedName of all groups for the users found in the search.

Example: Get group memberships for users

<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" returnReponseMessageOnExceptions="true">          
    <Batch transactionScopeOption="Required" continueOnError="false"
           guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">
      <User>
        <With OU="OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Subtree"
              returnProperties="name,description"/>
        <Operations>
          <GetGroupMembership/>
        </Operations>
      </User>
    </Batch>
  </Batches>
</ns0:LDAP>

📌 Note:

  • A user can belong to 0 or more groups
  • The memberOf attribute is always included in SearchResult (if user has group membership), independent of the returnProperties attribute

AddToGroups

The AddToGroups operation adds users found in the search to one or more specified groups.

💡 Tip: If a user is already a member of a group, the add operation is skipped, but the result shows success.

Example: Add all users with names starting with 'j' to two groups

<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">          
    <Batch continueOnError="false" guid="3B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8E">
      <User>
        <With OU="OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Subtree"
              searchFilter="(name=j*)"/>
        <Operations>
          <AddToGroups>
            <Group CN="CN=ateam" OU="OU=Old hackers" DC="DC=ibiz,DC=local"/>
            <Group CN="CN=bteam" OU="OU=Old hackers" DC="DC=ibiz,DC=local"/>
          </AddToGroups>
        </Operations>
      </User>
    </Batch>
  </Batches>
</ns0:LDAP>

The response SearchResult shows users found, and OperationResult lists the groups they were added to.


RemoveFromGroups

The RemoveFromGroups operation removes users found in the search from one or more specified groups.

💡 Tip: If a user is not a member of a group, the remove operation is skipped, but the result shows success.

Example: Remove all users with names starting with 'j' from two groups

<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">          
    <Batch continueOnError="false" guid="3B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8E">
      <User>
        <With OU="OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Subtree"
              searchFilter="(name=j*)"/>
        <Operations>
          <RemoveFromGroups>
            <Group CN="CN=ateam" OU="OU=Old hackers" DC="DC=ibiz,DC=local"/>
            <Group CN="CN=bteam" OU="OU=Old hackers" DC="DC=ibiz,DC=local"/>
          </RemoveFromGroups>
        </Operations>
      </User>
    </Batch>
  </Batches>
</ns0:LDAP>

SelectActive

The SelectActive operation retrieves all active (not disabled) users matching the With search criteria.

Example: Get all active users in an OU

<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" returnReponseMessageOnExceptions="true">          
    <Batch transactionScopeOption="Required" continueOnError="false"
           guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">
      <User>
        <With OU="OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Subtree"
              returnProperties="name,description"/>
        <Operations>
          <SelectActive/>
        </Operations>
      </User>
    </Batch>
  </Batches>
</ns0:LDAP>

SelectDisabled

The SelectDisabled operation retrieves all disabled users matching the With search criteria.

Example: Get all disabled users in an OU

<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" returnReponseMessageOnExceptions="true">          
    <Batch transactionScopeOption="Required" continueOnError="false"
           guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">
      <User>
        <With OU="OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Subtree"
              returnProperties="name,description"/>
        <Operations>
          <SelectDisabled/>
        </Operations>
      </User>
    </Batch>
  </Batches>
</ns0:LDAP>

Enable

The Enable operation enables disabled user accounts matching the With search criteria.

Example: Enable disabled users

<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" returnReponseMessageOnExceptions="true">          
    <Batch transactionScopeOption="Required" continueOnError="false"
           guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">
      <User>
        <With OU="OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Subtree"
              returnProperties="name,description"/>
        <Operations>
          <Enable/>
        </Operations>
      </User>
    </Batch>
  </Batches>
</ns0:LDAP>

📌 Note: The SearchResult record displays all users found in the query, and OperationResult contains users that were enabled.


Disable

The Disable operation disables active user accounts matching the With search criteria.

Example: Disable an active user (expects at least one match)

<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" returnReponseMessageOnExceptions="true">
    <Batch guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D">
      <User>
        <With CN="CN=Jane Doe" OU="OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Subtree"
              expectedMatchCount="*"/>
        <Operations>
          <Disable/>
        </Operations>
      </User>
    </Batch>
  </Batches>
</ns0:LDAP>

📌 Note: The SearchResult record displays all users found in the query, and OperationResult contains users that were disabled.

💡 Tip: You can combine the Disable operation with Update and other operations in the same batch.


SelectByDate

The SelectByDate operation returns users based on a datetime property search.

Attributes

propertyName (required)
The name of the datetime property to search (e.g., whenCreated, whenChanged).

relationalOperator (required)
Valid values: =, >=, <=, ~=
See MSDN: Search Filter Syntax

value (required)
The UTC datetime value in ISO 8601 format.

⚠️ Warning: Times in LDAP are stored in UTC format. You must convert from your local timezone to UTC before sending the request. See DateTime.ToUniversalTime.

Example: Get all users changed after a specific date

<ns0:LDAP xmlns:ns0="http://integrationsoftware.se/BizTalk/Adapters/LDAP/Request/1.0">
  <Batches guid="2B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8D" returnReponseMessageOnExceptions="true">          
    <Batch guid="3B25B9E6-4AF2-4094-9AE7-E1E4C99B6C8E">
      <User>
        <With OU="OU=Old hackers" DC="DC=ibiz,DC=local" searchScope="Subtree"
              returnProperties="name,description,distinguishedName,whenCreated,whenChanged"/>
        <Operations>
          <SelectByDate propertyName="whenChanged" relationalOperator=">="
                        value="2013-10-18T08:00:00" />
        </Operations>
      </User>
    </Batch>
  </Batches>
</ns0:LDAP>
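The UTC conversion called for in the warning above, as an added example (not Nodinite code): it builds the SelectByDate element from a timezone-aware datetime, rejects naive datetimes and unlisted operators, and serialises through ElementTree so that `<=` is escaped correctly in the attribute. The function name and the fixed +02:00 offset in the sample are assumptions.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

ALLOWED_OPERATORS = ("=", ">=", "<=", "~=")  # values listed for relationalOperator

def select_by_date(property_name, operator, when):
    """Return a <SelectByDate/> element string with `when` converted to UTC."""
    if operator not in ALLOWED_OPERATORS:
        raise ValueError(f"unsupported relationalOperator: {operator!r}")
    if when.tzinfo is None or when.utcoffset() is None:
        # A naive datetime would be sent as-is and silently shift the query
        # window by the local UTC offset.
        raise ValueError("datetime has no timezone; attach one before converting")
    utc = when.astimezone(timezone.utc).replace(tzinfo=None, microsecond=0)
    element = ET.Element("SelectByDate", {
        "propertyName": property_name,
        "relationalOperator": operator,
        "value": utc.isoformat(),  # same shape as the example value, no offset suffix
    })
    # Serialising through ElementTree escapes "<" so "<=" stays well-formed XML.
    return ET.tostring(element, encoding="unicode")

if __name__ == "__main__":
    local = timezone(timedelta(hours=2))  # constructed fixed offset for the sample
    changed_since = datetime(2013, 10, 18, 10, 0, tzinfo=local)
    print(select_by_date("whenChanged", ">=", changed_since))
    print(select_by_date("whenChanged", "<=", changed_since))
```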

Recover

⚠️ Warning: The Recover operation does not work in version 1.0 and will throw a NotImplementedException. Do not call this method!

The Recover operation is intended to restore deleted users within the tombstone time limit.


SelectDeleted

⚠️ Warning: The SelectDeleted operation does not work in version 1.0 and will throw a NotImplementedException. Do not call this method!

