Soft-deleted entries are excluded from normal LDAP searches because they represent "deleted" entries. The ldapsearch tool has been updated to support searches that return them. There are three ways to search for soft-deleted entries:
  • Base-Level Search on a Soft-Deleted Entry by DN. Use ldapsearch and specify the DN of the soft-deleted entry as the base DN of the search.
  • Filtered Search by ds-soft-delete-entry object class. To search for all soft-deleted entries, use ldapsearch with a filter on the ds-soft-delete-entry object class.
  • Soft Delete Entry Access Control. You can include the Soft Delete Entry Access Control in an LDAP search request to return soft-deleted entries. The ldapsearch tool provides a shortcut option, --includeSoftDeletedEntries, that sends the control to the server for processing. The control allows for the following search possibilities:
    • Return only soft-deleted entries.
    • Return non-deleted entries along with soft-deleted entries.
    • Return only soft-deleted entries in undeleted form.
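
The three methods above as shell wrappers. This is an added example, not taken from the product documentation. It assumes the server's own ldapsearch is on PATH, that connection and bind options come from the tool's properties file, and that dc=example,dc=com is the suffix (a constructed sample); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: source this file, then call the functions.
# Assumption: connection and bind options are supplied by the tool's
# properties file, so only the search-specific options appear here.
BASE_DN="dc=example,dc=com"   # constructed sample suffix

# Method 1: base-level search on one soft-deleted entry.
# $1 is the DN of the soft-deleted entry itself, used as the base DN.
search_deleted_by_dn() {
    [ -n "$1" ] || { echo "usage: search_deleted_by_dn DN" >&2; return 2; }
    ldapsearch --baseDN "$1" --searchScope base "(objectClass=*)"
}

# Method 2: filter on the ds-soft-delete-entry object class to list
# every soft-deleted entry under the suffix.
search_all_deleted() {
    ldapsearch --baseDN "$BASE_DN" --searchScope sub \
        "(objectClass=ds-soft-delete-entry)"
}

# Method 3: send the Soft Delete Entry Access Control through the
# --includeSoftDeletedEntries shortcut. $1 selects the behaviour:
#   without-non-deleted-entries        only soft-deleted entries
#   with-non-deleted-entries           non-deleted plus soft-deleted entries
#   deleted-entries-in-undeleted-form  only soft-deleted, in undeleted form
search_with_control() {
    case "$1" in
        without-non-deleted-entries|with-non-deleted-entries|deleted-entries-in-undeleted-form)
            ;;
        *)
            # Reject unknown modes locally instead of sending them on.
            echo "unknown mode: $1" >&2
            return 2
            ;;
    esac
    ldapsearch --baseDN "$BASE_DN" --searchScope sub \
        --includeSoftDeletedEntries "$1" "(objectClass=*)"
}
```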