LDAP in the Solaris Operating Environment: Deploying Secure Directory Services

This appendix explains some of the LDAP error codes that your LDAP server can return. It is not a complete list, and it does not discuss why an LDAP server returns a particular error. For additional information on error codes, refer to RFC 2251, which defines them. Another very useful resource is the Internet Draft draft-just-ldapv3-rescodes-02.txt, which gives exact descriptions of these error codes. Finally, you may also want to refer to the ldap.h file, which in the Solaris Operating Environment can be found in /usr/include.

In addition to reviewing RFC 2251, review the access and error log files, which are located by default under /var/mps/serverroot/slapd-instance/logs. These files can help you debug certain problems with your directory server.

The error codes in TABLE B-1 apply to the iPlanet Directory Server, and possibly to other LDAP servers, but not to all. This list is not comprehensive. Codes without comments in the third column are not currently returned to clients by Netscape Directory Server or generated by the SDK.

Table B-1. LDAP Error Codes

| Code (decimal, hex) | Name | Comments |
|---|---|---|
| 0 (0x00) | LDAP_CONNECTION SUCCESS | The operation completed successfully. |
| 1 (0x01) | LDAP_OPERATIONS_ERROR | Invalid syntax for ACI or schema, or inappropriate control for the operation. |
| 2 (0x02) | LDAP_PROTOCOL_ERROR | Invalid filter expression on search, or DN on add, modify, or delete. |
| 3 (0x03) | LDAP_TIME_LIMIT_EXCEEDED | Either the server's or the client's specified search time limit was exceeded. |
| 4 (0x04) | LDAP_SIZE_LIMIT_EXCEEDED | Either the server's or the client's specified limit on number of search results was exceeded. |
| 5 (0x05) | LDAP_COMPARE_FALSE | A compare operation returns mismatch. |
| 6 (0x06) | LDAP_COMPARE_TRUE | A compare operation returns match. |
| 7 (0x07) | LDAP_STRONG_AUTH_METHOD_NOT_SUPPORTED | The server does not support the requested authentication method. |
| 8 (0x08) | LDAP_STRONG_AUTH_REQUIRED | The server requires an authentication method stronger than unencrypted user name and password. |
| 9 (0x09) | LDAP_PARTIAL_RESULTS | The client has bound with LDAP v2, or the server supports only LDAP v2, and the base DN specified by the client is not among the naming contexts of the server. |
| 10 (0x0a) | LDAP_REFERRAL | The server is configured to return a referral or search reference when an operation is directed toward this DN. This is an LDAP v3 error ONLY. |
| 11 (0x0b) | LDAP_ADMIN_LIMIT_EXCEEDED | To satisfy the search request, the server would need to process too many entries; the search may need to be narrowed, or the server's lookthrough limit raised. |
| 12 (0x0c) | LDAP_UNAVAILABLE_CRITICAL_EXTENSION | A control was provided with request; the control was tagged as critical, but the server doesn't support it. |
| 13 (0x0d) | LDAP_CONFIDENTIALITY_REQUIRED | This error code is new in LDAPv3. This error code may be returned if the session is not protected by a protocol which provides session confidentiality. For example, if the client did not establish a TLS connection using a cipher suite which provides confidentiality of the session before sending any other requests, and the server requires session confidentiality then the server may reject that request with a result code of confidentialityRequired. |
| 14 (0x0e) | LDAP_SASL_BIND_IN_PROGRESS | SASL authentication is being negotiated between the client and the server. |
| 16 (0x10) | LDAP_NO_SUCH_ATTRIBUTE | An attribute to be modified or deleted was not present in the entry. |
| 17 (0x11) | LDAP_UNDEFINED_ATTRIBUTE_TYPE | Applicable operations: Modify, Add. This error may be returned if the specified attribute is unrecognized by the server, since it is not present in the server's defined schema. If the server doesn't recognize an attribute specified in a search request as the attribute to be returned, the server should not return an error in this case - it should just return values for the requested attributes it does recognize. Note that this result code applies only to the Add and Modify operations. |
| 18 (0x12) | LDAP_INAPPROPRIATE_MATCHING | The value specified doesn't adhere to the syntax definition for that attribute. |
| 19 (0x13) | LDAP_CONSTRAINT_VIOLATION | Invalid attribute for this entry, or new password does not meet password policy requirements. |
| 20 (0x14) | LDAP_ATTRIBUTE_OR_VALUE_EXISTS | Attempt to add an identical attribute value to an existing one. |
| 21 (0x15) | LDAP_INVALID_ATTRIBUTE_SYNTAX | |
| 32 (0x20) | LDAP_NO_SUCH_OBJECT | Attempt to bind with a nonexistent DN, to search with a nonexistent base DN, or to modify or delete a nonexistent DN. |
| 33 (0x21) | LDAP_ALIAS_PROBLEM | Applicable operations: Search. An alias has been dereferenced which names no object. |
| 34 (0x22) | LDAP_INVALID_DN_SYNTAX | Invalid DN or RDN specified on adding an entry or modifying an RDN. |
| 35 (0x23) | LDAP_IS_LEAF | |
| 36 (0x24) | LDAP_ALIAS_DEREFERENCING_PROBLEM | Applicable operations: Search. An alias was encountered in a situation where it was not allowed or where access was denied. For example, if the client does not have read permission for the aliasedObjectName attribute and its value, then the error aliasDereferencingProblem should be returned. |
| 48 (0x30) | LDAP_INAPPROPRIATE_AUTHENTICATION | Applicable operations: Bind. This error should be returned by the server when the client has tried to use a method of authentication that is inappropriate. |
| 49 (0x31) | LDAP_INVALID_CREDENTIALS | Invalid password or other credentials supplied on bind. |
| 50 (0x32) | LDAP_INSUFFICIENT_ACCESS_RIGHTS | Give the user the proper privileges. Check the ACL rules to make sure they are correct. |
| 51 (0x33) | LDAP_BUSY | Applicable operations: All. This error code may be returned if the server is unable to process the client's request at this time. This implies that if the client retries the request shortly, the server will be able to process it then. |
| 52 (0x34) | LDAP_UNAVAILABLE | Returned by SDK if server is not accessible. |
| 53 (0x35) | LDAP_UNWILLING_TO_PERFORM | User not allowed to change password, password expired, operation not implemented (moddn), attempt to modify read-only attribute, attempt to delete all schema elements, attempt to delete an object class that has derived object classes, attempt to delete a read-only schema element, the database is read-only, no back end (database) is available for the operation, or other uncategorized error. |
| 54 (0x36) | LDAP_LOOP_DETECT | Applicable operations: All. This error may be returned by the server if it detects an alias or referral loop and is unable to satisfy the client's request. |
| 64 (0x40) | LDAP_NAMING_VIOLATION | Applicable operations: Add, ModifyDN. The attempted addition or modification would violate the structure rules of the DIT as defined in the directory schema and X.501. That is, it would place an entry as the subordinate of an alias entry, or in a region of the DIT not permitted to a member of its object class, or would define an RDN for an entry to include a forbidden attribute type. |
| 65 (0x41) | LDAP_OBJECT_CLASS_VIOLATION | Invalid attribute specified for modify operation on an entry. Update the schema. |
| 66 (0x42) | LDAP_NOT_ALLOWED_ON_NONLEAF | Attempt to delete an entry that has child nodes. |
| 67 (0x43) | LDAP_NOT_ALLOWED_ON_RDN | Applicable operations: Delete, ModifyDN. Attempt to modify the value of the attribute which is the RDN of the entry. |
| 68 (0x44) | LDAP_ENTRY_ALREADY_EXISTS | No need to update the directory server, since it already has this value/entry. |
| 69 (0x45) | LDAP_OBJECT_CLASS_MODS_PROHIBITED | Applicable operations: Modify. An operation attempted to modify an object class that should not be modified, for example, the structural object class of an entry. |
| 70 (0x46) | LDAP_RESULTS_TOO_LARGE | |
| 71 (0x47) | LDAP_AFFECTS_MULTIPLE_DSAS | X.500 restricts the ModifyDN operation to only affect entries that are contained within a single server. If the LDAP server is mapped onto DAP, this restriction will apply and this result code will be returned if this error occurred. |
| 80 (0x50) | LDAP_OTHER | |
| 81 (0x51) | LDAP_SERVER_DOWN | SDK could not connect to server. Start the directory server. |
| 82 (0x52) | LDAP_LOCAL_ERROR | |
| 83 (0x53) | LDAP_ENCODING_ERROR | |
| 84 (0x54) | LDAP_DECODING_ERROR | |
| 85 (0x55) | LDAP_TIMEOUT | |
| 86 (0x56) | LDAP_AUTH_UNKNOWN | |
| 87 (0x57) | LDAP_FILTER_ERROR | |
| 88 (0x58) | LDAP_USER_CANCELLED | |
| 89 (0x59) | LDAP_PARAM_ERROR | No modifications on a modify operation, no attributes on an add operation, invalid scope or empty search filter on search, or other invalid argument to an SDK method. |
| 90 (0x5a) | LDAP_NO_MEMORY | |
| 91 (0x5b) | LDAP_CONNECT_ERROR | SDK reports unexpected error connecting to server. |
| 92 (0x5c) | LDAP_NOT_SUPPORTED | |
| 93 (0x5d) | LDAP_CONTROL_NOT_FOUND | |
| 94 (0x5e) | LDAP_NO_RESULTS_RETURNED | |
| 95 (0x5f) | LDAP_MORE_RESULTS_TO_RETURN | |
| 96 (0x60) | LDAP_CLIENT_LOOP | |
| 97 (0x61) | LDAP_REFERRAL_LIMIT_EXCEEDED | SDK reports hop limit exceeded on referral processing. |
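
The access log mentioned at the start of this appendix is where these result codes show up in practice. The following sketch is an added example, not code from the book or from the directory server: it tallies the authentication and access-control codes of Table B-1 per bind DN. The log line layout (`conn=`, `op=`, `BIND dn=`, `RESULT err=`), the sample lines, and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Security-relevant result codes, numbered and named as in Table B-1.
AUTH_CODES = {
    8: "LDAP_STRONG_AUTH_REQUIRED",
    13: "LDAP_CONFIDENTIALITY_REQUIRED",
    48: "LDAP_INAPPROPRIATE_AUTHENTICATION",
    49: "LDAP_INVALID_CREDENTIALS",
    50: "LDAP_INSUFFICIENT_ACCESS_RIGHTS",
}

# Constructed sample; the line layout is an assumption, not taken from the page.
SAMPLE_LOG = '''\
[10/Mar/2003:09:14:01 -0500] conn=21 op=0 BIND dn="uid=alice,dc=example,dc=com" method=128 version=3
[10/Mar/2003:09:14:01 -0500] conn=21 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[10/Mar/2003:09:14:02 -0500] conn=22 op=0 BIND dn="uid=alice,dc=example,dc=com" method=128 version=3
[10/Mar/2003:09:14:02 -0500] conn=22 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[10/Mar/2003:09:14:03 -0500] conn=23 op=0 BIND dn="uid=bob,dc=example,dc=com" method=128 version=3
[10/Mar/2003:09:14:03 -0500] conn=23 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[10/Mar/2003:09:14:04 -0500] conn=23 op=1 MOD dn="uid=alice,dc=example,dc=com"
[10/Mar/2003:09:14:04 -0500] conn=23 op=1 RESULT err=50 tag=103 nentries=0 etime=0
[10/Mar/2003:09:14:05 -0500] conn=24 op=0 SRCH base="dc=example,dc=com" scope=2 filter="(uid=*)"
[10/Mar/2003:09:14:05 -0500] conn=24 op=0 RESULT err=4 tag=101 nentries=2000 etime=3
'''

REQ = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
RES = re.compile(r'conn=(\d+) op=(\d+) RESULT err=(\d+)')

def auth_failures(log_text):
    """Count security-relevant result codes per identity: {(dn, name): n}."""
    pending, bound, hits = {}, {}, Counter()
    for line in log_text.splitlines():
        if (m := REQ.search(line)):
            pending[(m[1], m[2])] = m[3]      # DN the client is trying to bind as
        elif (m := RES.search(line)):
            conn, op, err = m[1], m[2], int(m[3])
            bind_dn = pending.pop((conn, op), None)
            if bind_dn is not None and err == 0:
                bound[conn] = bind_dn or "(anonymous)"  # identity after a good bind
            if err in AUTH_CODES:
                who = bind_dn or bound.get(conn, "(anonymous)")
                hits[(who, AUTH_CODES[err])] += 1
    return hits

def repeated_bad_binds(hits, threshold=2):
    """DNs with at least `threshold` LDAP_INVALID_CREDENTIALS results."""
    return sorted(dn for (dn, name), n in hits.items()
                  if name == "LDAP_INVALID_CREDENTIALS" and n >= threshold)
```

A failed bind is attributed to the DN in the BIND request, while a later failure such as code 50 is attributed to the DN that last bound successfully on that connection.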
