The following examples use the --includeSoftDeleteEntries {with-non-deleted-entries | without-non-deleted-entries | deleted-entries-in-undeleted-form} option, which uses the Soft Delete Entry Access Control. You could also use the --control option with the Soft Delete Entry Access Control symbolic name, softdeleteentryaccess, or the --control option with the actual Soft Delete Entry Access Control OID, 1.3.6.1.4.1.30221.2.5.24.
  • Return Only Soft-Deleted Entries. Run ldapsearch using the --includeSoftDeletedEntries option with the value of without-non-deleted-entries to return only soft-deleted entries.
    $ bin/ldapsearch --baseDN dc=example,dc=com \ 
      --includeSoftDeletedEntries without-non-deleted-entries \ 
      --searchScope sub "(objectclass=*)"  
  • Return Non-Deleted Entries Along with Soft-Deleted Entries. Run ldapsearch using the --includeSoftDeletedEntries option with the value of with-non-deleted-entries to return non-deleted entries along with soft-deleted entries.
    $ bin/ldapsearch --baseDN dc=example,dc=com \ 
      --includeSoftDeletedEntries with-non-deleted-entries \ 
      --searchScope sub "(objectclass=*)"  
  • Return Only Soft-Deleted Entries in Undeleted Form. Run ldapsearch using the --includeSoftDeletedEntries option with the value of deleted-entries-in-undeleted-form to return only soft-deleted entries in undeleted form. Some applications require access to all entries in the server, including both active and soft-deleted entries. The following command returns all entries that were soft-deleted but presents it in a form that is similar to a regular entry with the soft-delete DN in comments. This regular entry format does not show the actual soft-deleted DN but displays it in an "undeleted" form even though it is not actually "undeleted". Also, the object class, ds-soft-delete-entry, is not displayed:.
    $ bin/ldapsearch --baseDN dc=example,dc=com \ 
      --includeSoftDeletedEntries deleted-entries-in-undeleted-form \
      --searchScope sub "(ds-soft-delete-from-dn=*)"  
    
    # Soft-deleted entry DN: 
    # entryUUID=2b5511e2-7616-389b-ab0c-025c805ad32c+uid=user.14,ou=People,dc=exam-
    ple,dc=com 
    dn: uid=user.14,ou=People,dc=example,dc=com 
    objectClass: top
    objectClass: person 
    objectClass: organizationalPerson 
    objectClass: inetOrgPerson 
    postalAddress: Abdalla Abdou$78929 Hillcrest Street$Elmira, ME 93080
    postalCode: 93080  
    description: This is the description for Abdalla Abdou.      
    uid: user.14
    userPassword: {SSHA}7GkzWiMiU12m5m+xBV+ZsoX3gVacMcRtSwDTFg==           
    employeeNumber: 14
    initials: AFA
    givenName: Abdalla           
    pager: +1 307 591 4870
    mobile: +1 401 069 1289           
    cn: Abdalla Abdou
    sn: Abdou
    telephoneNumber: +1 030 505 6190           
    street: 78929 Hillcrest Street
    homePhone: +1 119 487 2328
    l: Elmira
    mail: user.14@maildomain.net
    st: ME