diff --git a/actions/ldap b/actions/ldap
index 381c2aa7e..b6c2ae69b 100755
--- a/actions/ldap
+++ b/actions/ldap
@@ -92,13 +92,29 @@ get_user_groups()
 }
 
 
+add_group()
+{
+    groupname="$1"
+
+    ldapsearch -Q -L -L -L -Y EXTERNAL -H ldapi:/// -s base -b "cn=${groupname},dc=thisbox" || ldapaddgroup "${groupname}" > /dev/null 2>&1
+}
+
+
+remove_group()
+{
+    groupname="$1"
+
+    ldapsearch -Q -L -L -L -Y EXTERNAL -H ldapi:/// -s base -b "cn=${groupname},dc=thisbox" && ldapdeletegroup "${groupname}" > /dev/null 2>&1
+}
+
+
 add_user_to_group()
 {
     username="$1"
     groupname="$2"
 
     # Try to create group and ignore failure if group already exists
-    ldapaddgroup $groupname > /dev/null 2>&1 || true
+    add_group "${groupname}"
 
     ldapaddusertogroup $username $groupname > /dev/null
 
@@ -149,6 +165,12 @@ case $command in
     remove-user-from-group)
         remove_user_from_group "$@"
     ;;
+    add-group)
+        add_group "$@"
+    ;;
+    remove-group)
+        remove_group "$@"
+    ;;
     *)
         echo "Invalid sub-command"
         exit -1
diff --git a/plinth/action_utils.py b/plinth/action_utils.py
index 019366b96..ba3aec1c1 100644
--- a/plinth/action_utils.py
+++ b/plinth/action_utils.py
@@ -18,8 +18,8 @@
 Python action utility functions.
 """
 
-import os
 import logging
+import os
 import shutil
 import socket
 import subprocess
diff --git a/plinth/modules/users/__init__.py b/plinth/modules/users/__init__.py
index fc691c81f..30e2212dc 100644
--- a/plinth/modules/users/__init__.py
+++ b/plinth/modules/users/__init__.py
@@ -84,3 +84,11 @@ def _diagnose_ldap_entry(search_item):
 
     return [_('Check LDAP entry "{search_item}"')
             .format(search_item=search_item), result]
+
+
+def add_group(group):
+    actions.superuser_run("ldap", options=["add-group", group])
+
+
+def remove_group(group):
+    actions.superuser_run("ldap", options=["remove-group", group])