Soft-deleted entries can be modified like any regular entry. The only restriction is that you cannot change the distinguished name (DN) or run a moddn operation. To move a soft-deleted entry from one machine to another, use the move-subtree command and specify the DN of the soft-deleted entry.


To modify a soft-deleted entry, the user needs the soft-delete-read privilege to access the soft-deleted entry.

  • To modify a soft-deleted entry, run the ldapmodify command and specify the soft-deleted DN.
    $ bin/ldapmodify
    dn: entryUUID=4e9b7847-edcb-3791-b11b-7505f4a55af4+uid=user.1,ou=People,dc=example,dc=com
    telephoneNumber: +1 390 103 6918
    # Processing MODIFY request for entryUUID=4e9b7847-edcb-3791-b11b-7505f4a55af4+uid=user.1,ou=People,dc=example,dc=com
    # MODIFY operation successful for DN entryUUID=4e9b7847-edcb-3791-b11b-7505f4a55af4+uid=user.1,ou=People,dc=example,dc=com