How do I list and modify the members of an LDAP group?

To list the members of a group on your directory server, request the group's membership attributes in your search. For example, to find all the members of the "Administrators" group:

    // Read only the group entry itself
    ldap.DN = "CN=Administrators,CN=Builtin,DC=DOMAIN";
    ldap.SearchScope = LdapSearchScopes.ssBaseObject;
    // Request the attributes that can hold the membership list
    ldap.Attributes.Add(new LDAPAttribute("member"));
    ldap.Attributes.Add(new LDAPAttribute("memberUid"));
    ldap.Attributes.Add(new LDAPAttribute("uniqueMember"));
    ldap.Attributes.Add(new LDAPAttribute("objectClass"));
    ldap.Search("objectClass=*");

To add or remove a particular user from the group membership, modify the "member" attribute of the group. For example, to remove "Tom H" from the Administrators group:

    ldap.DN = "CN=Administrators,CN=Builtin,DC=DOMAIN";
    // amoDelete removes the member; use amoAdd to add Tom H to the group
    LDAPAttribute attr = new LDAPAttribute("member", "CN=Tom H,CN=Users,DC=DOMAIN", LDAPAttributeModOps.amoDelete);
    ldap.Attributes.Add(attr);
    ldap.Modify();
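
Added example, not from the original article or from n software: when the member DN is assembled from a name supplied at run time, the name must be escaped per RFC 4514 before it is used as the "member" value, otherwise a comma or plus sign in the name changes which DN is added to or removed from the group. `MemberDn`, `EscapeRdnValue`, `ForUser` and the sample names are hypothetical.

```csharp
using System;
using System.Text;

// Added example (not n software code): RFC 4514 escaping for a value placed in an RDN.
static class MemberDn
{
    // Characters that must be backslash-escaped anywhere in an RDN value.
    private const string Special = "\"+,;<>\\";

    public static string EscapeRdnValue(string value)
    {
        if (string.IsNullOrEmpty(value))
            throw new ArgumentException("RDN value must not be empty", nameof(value));

        var sb = new StringBuilder(value.Length + 8);
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool first = i == 0, last = i == value.Length - 1;

            if (c == '\0')
                sb.Append("\\00");                 // NUL is written as a hex pair
            else if (Special.IndexOf(c) >= 0
                     || (first && (c == ' ' || c == '#'))
                     || (last && c == ' '))
                sb.Append('\\').Append(c);         // special, leading or trailing character
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // container is a DN you control (hypothetical parameter), e.g. "CN=Users,DC=DOMAIN".
    public static string ForUser(string commonName, string container)
        => "CN=" + EscapeRdnValue(commonName) + "," + container;

    static void Main()
    {
        // Constructed sample names: a plain one, one with a comma, one shaped like a DN.
        Console.WriteLine(ForUser("Tom H", "CN=Users,DC=DOMAIN"));
        Console.WriteLine(ForUser("H, Tom", "CN=Users,DC=DOMAIN"));
        Console.WriteLine(ForUser("Tom,CN=Builtin", "CN=Users,DC=DOMAIN"));
        // The returned string is what would be passed as the "member" value:
        // new LDAPAttribute("member", MemberDn.ForUser(name, "CN=Users,DC=DOMAIN"), LDAPAttributeModOps.amoDelete);
    }
}
```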

We appreciate your feedback. If you have any questions, comments, or suggestions about this article, please contact our support team at kb@nsoftware.com.