The LDAP delete operation may be used to remove an entry from the directory server. Both the delete request and the delete response are very simple.

The Delete Request

The delete request protocol operation is defined as follows in RFC 4511 section 4.8:

DelRequest ::= [APPLICATION 10] LDAPDN

RFC 4511 also indicates that the LDAPDN element is a simple octet string with values constrained to be valid DNs as described in RFC 4514. So the delete request protocol op is merely an octet string with BER type 0x4a (application class, primitive, tag number ten) whose value is the string representation of the DN of the entry to remove. For example, a request (with message ID two) to delete entry uid=jdoe,ou=People,dc=example,dc=com would be encoded as:

30 29 -- Begin the LDAPMessage sequence
   02 01 02 -- The message ID (integer value 2)
   4a 24 75 69 64 3d 6a 64 6f 65 -- The delete request protocol op (octet string
         2c 6f 75 3d 50 65 6f 70 -- "uid=jdoe,ou=People,dc=example,dc=com"
         6c 65 2c 64 63 3d 65 78 -- with type application class, primitive,
         61 6d 70 6c 65 2c 64 63 -- tag number ten)
         3d 63 6f 6d

The Delete Response

The delete response protocol op is also defined in RFC 4511 section 4.8:

DelResponse ::= [APPLICATION 11] LDAPResult

We’ve already covered the LDAPResult in another section, so the only thing of note here is that when it’s used for the delete response protocol op, it has a BER type of 0x6b (application class, constructed, tag number eleven). So if the above delete request is processed successfully, the corresponding delete response would be encoded as follows:

30 0c -- Begin the LDAPMessage sequence
   02 01 02 -- The message ID (integer value 2)
   6b 07 -- Begin the delete response protocol op
      0a 01 00 -- success result code (enumerated value 0)
      04 00 -- No matched DN (0-byte octet string)
      04 00 -- No diagnostic message (0-byte octet string)

Previous: The LDAP Compare Operation

Next: The LDAP Extended Operation