The following table shows the OIDs for each soft delete control. The Soft Delete OIDs are defined in the LDAP SDK generated API documentation.
| OID Type | OID |
|---|---|
| Soft Delete Request Control | 1.3.6.1.4.1.30221.2.5.20 |
| Soft Delete Response Control | 1.3.6.1.4.1.30221.2.5.21 |
| Hard Delete Request Control | 1.3.6.1.4.1.30221.2.5.22 |
| Soft Undelete Request Control | 1.3.6.1.4.1.30221.2.5.23 |
| Soft Delete Entry Access Control | 1.3.6.1.4.1.30221.2.5.24 |

The following table shows the new tool options available for the Soft Delete operations.
Action Result
ldapdelete / ldapmodify

--useSoftDelete/-s. Process DELETE operations with the Soft Delete Request Control, whereby entries are renamed and hidden instead of being permanently deleted. The Directory Server must be configured to allow soft deletes. Note that any entries in the LDIF file with the changetype of delete will be processed as a soft-delete request.

ldapdelete

--useHardDelete. Process DELETE operations with the Hard Delete Request Control, which bypasses any soft delete policies and processes the delete request immediately without retaining the entry as a soft-deleted entry. The Directory Server must be configured to allow soft deletes.

ldapsearch

--includeSoftDeletedEntries {with-non-deleted-entries | without-non-deleted-entries | deleted-entries-in-undeleted-form}. Process search operations with the Soft Delete Entry Access Control. Soft delete search options are as follows:
  • with-non-deleted-entries. Returns all entries matching the search criteria with the results including non-deleted and soft-deleted entries.
  • without-non-deleted-entries. Returns only soft-deleted entries matching the search criteria.
  • deleted-entries-in-undeleted-form. Returns only soft-deleted entries matching the search criteria with the results returned in their undeleted entry form.
Users must have access to the Soft Delete Entry Access Control to be able to search for soft-deleted entries.

ldapmodify

--allowUndelete. Process ADD operations which include the ds-undelete-from-dn attribute as undelete requests. Undelete requests re-add previously soft-deleted entries back to the server as non-deleted entries by providing the Undelete Request Control with the ADD operation. The Directory Server must be configured to allow soft deletes to process any undelete requests and the client user must have the soft-delete-read privilege.

The following table shows the symbolic names that can be used with the server's LDAP commands using the --control/-J option.
| Control | Symbolic Name |
|---|---|
| Soft Delete Request Control | softdelete |
| Hard Delete Request Control | harddelete |
| Soft Undelete Request Control | undelete |
| Soft Delete Entry Access Control | softdeleteentryaccess |
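
The request-control OIDs above can also be used to audit which clients sent soft delete, hard delete, undelete, or soft-deleted-entry search requests. The following is an added example, not part of the original documentation; the log line layout and the `requestControls` field name are assumptions, and the sample lines are constructed.

```python
import re

# Request controls from the OID table above, paired with the operation type
# each one accompanies according to the tool descriptions.
CONTROLS = {
    "1.3.6.1.4.1.30221.2.5.20": ("Soft Delete Request Control", "DELETE"),
    "1.3.6.1.4.1.30221.2.5.22": ("Hard Delete Request Control", "DELETE"),
    "1.3.6.1.4.1.30221.2.5.23": ("Soft Undelete Request Control", "ADD"),
    "1.3.6.1.4.1.30221.2.5.24": ("Soft Delete Entry Access Control", "SEARCH"),
}

# Assumed layout: '<timestamp> <OPERATION> REQUEST key=value key="quoted" ...'
LINE_RE = re.compile(r"\b(ADD|DELETE|MODIFY|SEARCH) REQUEST\b(.*)")
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def audit(lines):
    """Return one record per soft delete control found on a request line."""
    records = []
    for line in lines:
        match = LINE_RE.search(line)
        if not match:
            continue  # not a request line for an operation of interest
        op, rest = match.groups()
        fields = {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(rest)}
        for oid in fields.get("requestControls", "").split(","):
            if oid.strip() in CONTROLS:
                name, expected_op = CONTROLS[oid.strip()]
                records.append({
                    "conn": fields.get("conn"),
                    "op": op,
                    "target": fields.get("dn") or fields.get("base"),
                    "control": name,
                    # True when the control is on an operation type the docs do not pair it with.
                    "unexpected_op": op != expected_op,
                })
    return records

def hard_deletes(records):
    """Requests that asked to bypass the soft delete policy."""
    return [r for r in records if r["control"] == "Hard Delete Request Control"]

# Constructed sample lines, not real server output.
SAMPLE_LOG = [
    '[01/Jan/2024:10:00:01 +0000] DELETE REQUEST conn=7 op=1 dn="uid=user.1,ou=People,dc=example,dc=com" requestControls="1.3.6.1.4.1.30221.2.5.20"',
    '[01/Jan/2024:10:01:00 +0000] SEARCH REQUEST conn=8 op=1 base="dc=example,dc=com" filter="(uid=user.1)" requestControls="1.3.6.1.4.1.30221.2.5.24"',
    '[01/Jan/2024:10:02:00 +0000] DELETE REQUEST conn=9 op=1 dn="uid=user.2,ou=People,dc=example,dc=com" requestControls="1.3.6.1.4.1.30221.2.5.22"',
    '[01/Jan/2024:10:02:05 +0000] DELETE REQUEST conn=9 op=2 dn="uid=user.3,ou=People,dc=example,dc=com"',
    '[01/Jan/2024:10:03:00 +0000] MODIFY REQUEST conn=10 op=1 dn="uid=user.4,ou=People,dc=example,dc=com" requestControls="1.3.6.1.4.1.30221.2.5.22"',
]
```

Hard delete requests are worth reviewing first because they leave no soft-deleted entry to restore.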