Soft delete OIDs

The following table shows the OpenIDs (OIDs) for each soft delete control. The soft delete OIDs are defined in the LDAP SDK generated API documentation.

OID Type OID

Soft Delete Request Control

1.3.6.1.4.1.30221.2.5.20

Soft Delete Response Control

1.3.6.1.4.1.30221.2.5.21

Hard Delete Request Control

1.3.6.1.4.1.30221.2.5.22

Soft Undelete Request Control

1.3.6.1.4.1.30221.2.5.23

Soft Delete Entry Access Control

1.3.6.1.4.1.30221.2.5.24

Soft delete tool options

The following table shows the new tool options available for the soft delete operations.

Operation Options

ldapdelete / ldapmodify

--useSoftDelete/-s. Process DELETE operations with the Soft Delete Request Control, whereby entries are renamed and hidden instead of being permanently deleted. The Directory Server must be configured to allow soft deletes.

Note:

Any entries in the LDIF file with the changetype of delete are processed as a soft-delete request.

ldapdelet

--useHardDelete. Process DELETE operations with the Hard Delete Request Control, which bypasses any soft delete policies and processes the delete request immediately without retaining the entry as a soft-deleted entry. The Directory Server must be configured to allow soft deletes.

ldapsearch

--includeSoftDeletedEntries {with-non-deleted-entries | without-non-deleted-entries | deleted-entries-in-undeleted-form}. Process search operations with the soft delete entry access control. Soft delete search options are as follows:

with-non-deleted-entries
Returns all entries matching the search criteria with the results, including non-deleted and soft-deleted entries.
without-non-deleted-entries
Returns only soft-deleted entries matching the search criteria.
deleted-entries-in-undeleted-form
Returns only soft-deleted entries matching the search criteria with the results returned in their undeleted entry form.

Users must have access to the Soft Delete Entry Access Control to search for soft-deleted entries.

ldapmodify

--allowUndelete. Process ADD operations, which include the ds-undelete-from-dn attribute as undelete requests. Undelete requests re-add previously soft-deleted entries back to the server as non-deleted entries by providing the Undelete Request Control with the ADD operation. The Directory Server must be configured to allow soft deletes to process any undelete requests and the client user must have the soft-delete-read privilege.

Soft delete OID symbolic names using with the --control/-J option

The following table shows the symbolic names that can be used with the server's LDAP commands using the --control/-J option.

Control Symbolic Name

Soft Delete Request Control

softdelete

Hard Delete Request Control

harddelete

Soft Undelete Request Control

undelete

Soft Delete Entry Access Control

softdeleteentryaccess