Soft-deleted entries are excluded from normal LDAP searches because they represent deleted entries. The updated ldapsearch tool supports these types of searches.
There are three different ways to search for soft-deleted entries.
- To perform a base-level search on a soft-deleted entry by distinguished name (DN), run the ldapsearch command and specify the base DN of the specific soft-deleted entry that you are searching for.
To filter your search by
ds-soft-delete-entryobject class, run a search for all soft-deleted entries with the ldapsearch command with a filter on the
To return soft-deleted entries, use the soft-delete-entry-access-control with the
The ldapsearch tool provides a shortcut option,
--includeSoftDeletedEntries, that sends the control to the server for processing. The control allows for the following search possibilities:
- Return only soft-deleted entries.
- Return non-deleted entries along with soft-deleted entries.
- Return only soft-deleted entries in undeleted form.