How do I list and modify the members of an LDAP group?
To list the members of a group on your directory server, search the group entry itself and request its membership attributes. For example, to find all the members of the "Administrators" group:
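// Search only the group entry itself (base-object scope).
ldap.DN = "CN=Administrators,CN=Builtin,DC=DOMAIN";
ldap.SearchScope = LdapSearchScopes.ssBaseObject;
// Request the attributes that can hold membership; which one is populated depends on the directory schema.
ldap.Attributes.Add(new LDAPAttribute("member"));
ldap.Attributes.Add(new LDAPAttribute("memberUid"));
ldap.Attributes.Add(new LDAPAttribute("uniqueMember"));
ldap.Attributes.Add(new LDAPAttribute("objectClass"));
// Match the entry regardless of its object class.
ldap.Search("objectClass=*");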
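Because the membership of a group such as "Administrators" is security-sensitive, the values returned by this search are worth comparing against an approved list. The following is an added example, not n/software code: GroupMembershipAudit, Normalize and Diff are hypothetical names, the (attribute, value) pairs stand in for values read from the search result, and the sample data is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class GroupMembershipAudit
{
    // Canonical form so the same member spelled differently compares equal.
    // Assumptions: DNs contain no escaped commas and are compared case-insensitively.
    static string Normalize(string attr, string value)
    {
        if (attr.Equals("memberUid", StringComparison.OrdinalIgnoreCase))
            return "uid:" + value.Trim();              // memberUid holds a login name, not a DN
        if (attr.Equals("uniqueMember", StringComparison.OrdinalIgnoreCase)
            && value.EndsWith("'B", StringComparison.Ordinal))
        {
            int hash = value.LastIndexOf('#');          // optional "#'0101'B" UID suffix
            if (hash > 0) value = value.Substring(0, hash);
        }
        var rdns = value.Split(',').Select(r => r.Trim().ToLowerInvariant());
        return "dn:" + string.Join(",", rdns);
    }

    // Returns members present now but not approved, and approved members now missing.
    public static (List<string> Added, List<string> Removed) Diff(
        IEnumerable<(string Attr, string Value)> current,
        IEnumerable<(string Attr, string Value)> baseline)
    {
        var now = new HashSet<string>(current.Select(m => Normalize(m.Attr, m.Value)));
        var approved = new HashSet<string>(baseline.Select(m => Normalize(m.Attr, m.Value)));
        return (now.Except(approved).OrderBy(s => s).ToList(),
                approved.Except(now).OrderBy(s => s).ToList());
    }

    static void Main()
    {
        // Constructed sample data: approved baseline vs. values from a later search.
        var baseline = new[] { ("member", "CN=Tom H,CN=Users,DC=DOMAIN") };
        var current = new[] {
            ("member", "cn=Tom H, cn=Users, dc=DOMAIN"),      // same entry, different spelling
            ("member", "CN=New Account,CN=Users,DC=DOMAIN")   // not in the baseline
        };
        var (added, removed) = Diff(current, baseline);
        foreach (var m in added) Console.WriteLine("UNEXPECTED MEMBER: " + m);
        foreach (var m in removed) Console.WriteLine("MISSING MEMBER:    " + m);
    }
}
```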
To add or remove a particular user from the group membership, simply modify the "member" attribute of the group. For example, to remove "Tom H" from the Administrators group:
// The group entry whose membership is being changed.
ldap.DN = "CN=Administrators,CN=Builtin,DC=DOMAIN";
// amoDelete removes the value from "member"; use amoAdd instead to add Tom H to the group.
LDAPAttribute attr = new LDAPAttribute("member", "CN=Tom H,CN=Users,DC=DOMAIN", LDAPAttributeModOps.amoDelete);
ldap.Attributes.Add(attr);
// Send the modify request to the server.
ldap.Modify();