Running a search using the soft delete entry access control
The following examples use the --includeSoftDeletedEntries {with-non-deleted-entries | without-non-deleted-entries | deleted-entries-in-undeleted-form} option, which uses the soft delete entry access control.
About this task
You can use the --control option with the soft delete entry access control symbolic name, softdeleteentryaccess, or the --control option with the actual soft delete entry access control OID, 1.3.6.1.4.1.30221.2.5.24.
Steps
- To return only soft-deleted entries, run ldapsearch using the --includeSoftDeletedEntries option with the value of without-non-deleted-entries.

  Example:

    $ bin/ldapsearch --baseDN dc=example,dc=com \
      --includeSoftDeletedEntries without-non-deleted-entries \
      --searchScope sub "(objectclass=*)"

- To return non-deleted entries along with soft-deleted entries, run ldapsearch using the --includeSoftDeletedEntries option with the value of with-non-deleted-entries.

  Example:

    $ bin/ldapsearch --baseDN dc=example,dc=com \
      --includeSoftDeletedEntries with-non-deleted-entries \
      --searchScope sub "(objectclass=*)"

- To return only soft-deleted entries in undeleted form, run ldapsearch using the --includeSoftDeletedEntries option with the value of deleted-entries-in-undeleted-form.

  Some applications require access to all entries in the server, including both active and soft-deleted entries.

  Example:

  The following command returns all entries that were soft-deleted but presents them in a form that is similar to a regular entry, with the soft-delete DN in comments. This regular entry format does not show the actual soft-deleted DN but displays it in an "undeleted" form even though it is not actually "undeleted". The object class, ds-soft-delete-entry, is also not displayed.

    $ bin/ldapsearch --baseDN dc=example,dc=com \
      --includeSoftDeletedEntries deleted-entries-in-undeleted-form \
      --searchScope sub "(ds-soft-delete-from-dn=*)"
    # Soft-deleted entry DN:
    # entryUUID=2b5511e2-7616-389b-ab0c-025c805ad32c+uid=user.14,ou=People,dc=example,dc=com
    dn: uid=user.14,ou=People,dc=example,dc=com
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    postalAddress: Abdalla Abdou$78929 Hillcrest Street$Elmira, ME 93080
    postalCode: 93080
    description: This is the description for Abdalla Abdou.
    uid: user.14
    userPassword: {SSHA}7GkzWiMiU12m5m+xBV+ZsoX3gVacMcRtSwDTFg==
    employeeNumber: 14
    initials: AFA
    givenName: Abdalla
    pager: +1 307 591 4870
    mobile: +1 401 069 1289
    cn: Abdalla Abdou
    sn: Abdou
    telephoneNumber: +1 030 505 6190
    street: 78929 Hillcrest Street
    homePhone: +1 119 487 2328
    l: Elmira
    mail: user.14@maildomain.net
    st: ME
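The undeleted-form output above still carries userPassword for a soft-deleted entry. The following added example (not part of the product documentation) parses that output, pairs each "Soft-deleted entry DN" comment with the entry that follows it, and lists the soft-deleted entries that still hold sensitive attributes. The function names, the SENSITIVE set, the second sample entry, the placeholder password value, and the assumption that a long DN comment is folded as in RFC 2849 are all illustrative.

```python
import re

MARKER = "# Soft-deleted entry DN:"  # comment line shown in the page's output
SENSITIVE = {"userpassword"}          # assumption: attributes worth flagging

# Constructed sample: first DN comment is folded per RFC 2849, values are fake.
SAMPLE = (
    "# Soft-deleted entry DN:\n"
    "# entryUUID=2b5511e2-7616-389b-ab0c-025c805ad32c+uid=user.14,ou=People,dc=exam\n"
    " ple,dc=com\n"
    "dn: uid=user.14,ou=People,dc=example,dc=com\n"
    "uid: user.14\n"
    "userPassword: {SSHA}CONSTRUCTED-PLACEHOLDER\n"
    "\n"
    "# Soft-deleted entry DN:\n"
    "# entryUUID=00000000-0000-0000-0000-000000000000+uid=user.99,ou=People,dc=example,dc=com\n"
    "dn: uid=user.99,ou=People,dc=example,dc=com\n"
)

def unfold(text):
    """Join folded LDIF lines (a continuation starts with one space)."""
    return re.sub(r"\r?\n ", "", text).splitlines()

def parse_undeleted_form(text):
    """Return [{soft_deleted_dn, dn, attrs}] from undeleted-form output."""
    entries, current, soft_dn, expect_dn = [], None, None, False
    for line in unfold(text) + [""]:      # trailing "" flushes the last entry
        if line.strip() == MARKER:
            expect_dn = True
        elif line.startswith("#"):
            if expect_dn:                  # comment right after the marker
                soft_dn, expect_dn = line[1:].strip(), False
        elif not line.strip():             # blank line ends the current entry
            if current:
                entries.append(current)
            current = soft_dn = None
        else:
            name, _, value = line.partition(":")
            name, value = name.lower(), value.lstrip(":").strip()
            if name == "dn":
                current = {"soft_deleted_dn": soft_dn, "dn": value, "attrs": {}}
            elif current is not None:
                current["attrs"].setdefault(name, []).append(value)
    return entries

def retained_secrets(entries):
    """(soft-deleted DN, sensitive attrs) for entries that still hold them."""
    return [(e["soft_deleted_dn"], sorted(SENSITIVE.intersection(e["attrs"])))
            for e in entries if SENSITIVE.intersection(e["attrs"])]
```

To use it on live data, pass the text captured from the deleted-entries-in-undeleted-form search to parse_undeleted_form() and review what retained_secrets() returns.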