PingDirectory

Soft delete controls and tool options

See the following tables for summaries of soft delete controls and tools.

Soft delete OIDs

The following table shows the Object Identifier (OID) for each soft delete control. The soft delete OIDs are defined in the LDAP SDK generated API documentation.

OID Type OID

Soft Delete Request Control

Step 1.3.6.1.4.1.30221.2.5.20

Soft Delete Response Control

Step 1.3.6.1.4.1.30221.2.5.21

Hard Delete Request Control

Step 1.3.6.1.4.1.30221.2.5.22

Soft Undelete Request Control

Step 1.3.6.1.4.1.30221.2.5.23

Soft Delete Entry Access Control

Step 1.3.6.1.4.1.30221.2.5.24

Soft delete tool options

The following table shows the new tool options available for the soft delete operations.

Operation Options

ldapdelete/ ldapmodify

--useSoftDelete/-s. Process DELETE operations with the Soft Delete Request Control, whereby entries are renamed and hidden instead of being permanently deleted. The PingDirectory server must be configured to allow soft deletes.

Any entries in the LDIF file with the changetype of delete are processed as a soft-delete request.

ldapdelet

--useHardDelete. Process DELETE operations with the Hard Delete Request Control, which bypasses any soft delete policies and processes the delete request immediately without retaining the entry as a soft-deleted entry. The PingDirectory server must be configured to allow soft deletes.

ldapsearch

--includeSoftDeletedEntries \{with-non-deleted-entries | without-non-deleted-entries | deleted-entries-in-undeleted-form}. Process search operations with the soft delete entry access control. Soft delete search options are as follows:

with-non-deleted-entries

Returns all entries matching the search criteria with the results, including non-deleted and soft-deleted entries.

without-non-deleted-entries

Returns only soft-deleted entries matching the search criteria.

deleted-entries-in-undeleted-form

Returns only soft-deleted entries matching the search criteria with the results returned in their undeleted entry form.

Users must have access to the Soft Delete Entry Access Control to search for soft-deleted entries.

ldapmodify

--allowUndelete. Process ADD operations, which include the ds-undelete-from-dn attribute as undelete requests. Undelete requests re-add previously soft-deleted entries back to the server as non-deleted entries by providing the Undelete Request Control with the ADD operation. The PingDirectory server must be configured to allow soft deletes to process any undelete requests and the client user must have the soft-delete-read privilege.

Soft delete OID symbolic names using with the --control/-J option

The following table shows the symbolic names that can be used with the server’s LDAP commands using the --control/-J option.

Control Symbolic Name

Soft Delete Request Control

softdelete

Hard Delete Request Control

harddelete

Soft Undelete Request Control

undelete

Soft Delete Entry Access Control

softdeleteentryaccess