RFC 2251 LDAP Result Codes

LDAP Return Codes
LDAP has a set of operation result codes that may be generated by the LDAP server in response to various LDAP requests. These codes indicate the status of the protocol operation and are categorized by server or client return code categories.
LDAP Server Return Codes
The following table lists the server return codes:
 
| Hex | Decimal | Name | Description |
|---|---|---|---|
| 0x00 | 0 | LDAP_SUCCESS | Indicates the requested client operation completed successfully. |
| 0x01 | 1 | LDAP_OPERATIONS_ERROR | Indicates an internal error occurred. The server is unable to respond with a more specific error and is also unable to properly respond to a request. It does not indicate that the client has sent an erroneous message. |
| 0x02 | 2 | LDAP_PROTOCOL_ERROR | Indicates that the server has received an invalid or malformed request from the client. |
| 0x03 | 3 | LDAP_TIMELIMIT_EXCEEDED | Indicates that the operation's time limit specified by either the client or the server has been exceeded. On search operations, incomplete results are returned. |
| 0x04 | 4 | LDAP_SIZELIMIT_EXCEEDED | Indicates that in a search operation, the size limit specified by the client or the server has been exceeded. Incomplete results are returned. |
| 0x05 | 5 | LDAP_COMPARE_FALSE | Does not indicate an error condition. Indicates that the results of a compare operation are false. |
| 0x06 | 6 | LDAP_COMPARE_TRUE | Does not indicate an error condition. Indicates that the results of a compare operation are true. |
| 0x07 | 7 | LDAP_AUTH_METHOD_NOT_SUPPORTED | Indicates that during a bind operation the client requested an authentication method not supported by the LDAP server. |
| 0x08 | 8 | LDAP_STRONG_AUTH_REQUIRED | Indicates one of the following: In bind requests, the LDAP server accepts only strong authentication. In a client request, the client requested an operation, such as delete, that requires strong authentication. In an unsolicited notice of disconnection, the LDAP server discovers the security protecting the communication between the client and server has unexpectedly failed or been compromised. |
| 0x09 | 9 | | Reserved. |
| 0x0A | 10 | LDAP_REFERRAL | Does not indicate an error condition. In LDAPv3, indicates that the server does not hold the target entry of the request, but that the servers in the referral field may. |
| 0x0B | 11 | LDAP_ADMINLIMIT_EXCEEDED | Indicates that an LDAP server limit set by an administrative authority has been exceeded. |
| 0x0C | 12 | LDAP_UNAVAILABLE_CRITICAL_EXTENSION | Indicates that the LDAP server was unable to satisfy a request because one or more critical extensions were not available. Either the server does not support the control or the control is not appropriate for the operation type. |
| 0x0D | 13 | LDAP_CONFIDENTIALITY_REQUIRED | Indicates that the session is not protected by a protocol, such as Transport Layer Security (TLS), which provides session confidentiality. |
| 0x0E | 14 | LDAP_SASL_BIND_IN_PROGRESS | Does not indicate an error condition, but indicates that the server is ready for the next step in the process. The client must send the server the same SASL mechanism to continue the process. |
| 0x0F | 15 | | Not used. |
| 0x10 | 16 | LDAP_NO_SUCH_ATTRIBUTE | Indicates that the attribute specified in the modify or compare operation does not exist in the entry. |
| 0x11 | 17 | LDAP_UNDEFINED_TYPE | Indicates that the attribute specified in the modify or add operation does not exist in the LDAP server's schema. |
| 0x12 | 18 | LDAP_INAPPROPRIATE_MATCHING | Indicates that the matching rule specified in the search filter does not match a rule defined for the attribute's syntax. |
| 0x13 | 19 | LDAP_CONSTRAINT_VIOLATION | Indicates that the attribute value specified in a modify, add, or modify DN operation violates constraints placed on the attribute. The constraint can be one of size or content (string only, no binary). |
| 0x14 | 20 | LDAP_TYPE_OR_VALUE_EXISTS | Indicates that the attribute value specified in a modify or add operation already exists as a value for that attribute. |
| 0x15 | 21 | LDAP_INVALID_SYNTAX | Indicates that the attribute value specified in an add, compare, or modify operation is an unrecognized or invalid syntax for the attribute. |
| | 22-31 | | Not used. |
| 0x20 | 32 | LDAP_NO_SUCH_OBJECT | Indicates that the target object cannot be found. This code is not returned on the following operations: Search operations that find the search base but cannot find any entries that match the search filter. Bind operations. |
| 0x21 | 33 | LDAP_ALIAS_PROBLEM | Indicates that an error occurred when an alias was dereferenced. |
| 0x22 | 34 | LDAP_INVALID_DN_SYNTAX | Indicates that the syntax of the DN is incorrect. However, if the DN syntax is correct, but the LDAP server's structure rules do not permit the operation, the server returns LDAP_UNWILLING_TO_PERFORM. |
| 0x23 | 35 | LDAP_IS_LEAF | Indicates that the specified operation cannot be performed on a leaf entry. (This code is not currently in the LDAP specifications, but is reserved for this constant.) |
| 0x24 | 36 | LDAP_ALIAS_DEREF_PROBLEM | Indicates that during a search operation, either the client does not have access rights to read the aliased object's name or dereferencing is not allowed. |
| | 37-47 | | Not used. |
| 0x30 | 48 | LDAP_INAPPROPRIATE_AUTH | Indicates that during a bind operation, the client is attempting to use an authentication method that the client cannot use correctly. For example, either of the following causes this error: The client returns simple credentials when strong credentials are required. The client returns a DN and a password for a simple bind when the entry does not have a password defined. |
| 0x31 | 49 | LDAP_INVALID_CREDENTIALS | Indicates that during a bind operation, one of the following occurred: The client passed either an incorrect DN or password. The password is incorrect because it has expired, intruder detection has locked the account, or for some other similar reason. |
| 0x32 | 50 | LDAP_INSUFFICIENT_ACCESS | Indicates that the caller does not have sufficient rights to perform the requested operation. |
| 0x33 | 51 | LDAP_BUSY | Indicates that the LDAP server is too busy to process the client request at this time, but if the client waits and resubmits the request, the server may be able to process it then. |
| 0x34 | 52 | LDAP_UNAVAILABLE | Indicates that the LDAP server cannot process the client's bind request, usually because it is shutting down. |
| 0x35 | 53 | LDAP_UNWILLING_TO_PERFORM | Indicates that the LDAP server cannot process the request because of server-defined restrictions. This error is returned for the following reasons: The add entry request violates the server's structure rules. The modify attribute request specifies attributes that users cannot modify. Password restrictions prevent the action. Connection restrictions prevent the action. |
| 0x36 | 54 | LDAP_LOOP_DETECT | Indicates that the client discovered an alias or referral loop, and is thus unable to complete this request. |
| | 55-63 | | Not used. |
| 0x40 | 64 | LDAP_NAMING_VIOLATION | Indicates that the add or modify DN operation violates the schema's structure rules. For example: The request places the entry subordinate to an alias. The request places the entry subordinate to a container that is forbidden by the containment rules. The RDN for the entry uses a forbidden attribute type. |
| 0x41 | 65 | LDAP_OBJECT_CLASS_VIOLATION | Indicates that the add, modify, or modify DN operation violates the object class rules for the entry. For example, the following types of request return this error: The add or modify operation tries to add an entry without a value for a required attribute. The add or modify operation tries to add an entry with a value for an attribute which the class definition does not contain. The modify operation tries to remove a required attribute without removing the auxiliary class that defines the attribute, as required. |
| 0x42 | 66 | LDAP_NOT_ALLOWED_ON_NONLEAF | Indicates that the requested operation is permitted only on leaf entries. For example, the following types of requests return this error: The client requests a delete operation on a parent entry. The client requests a modify DN operation on a parent entry. |
| 0x43 | 67 | LDAP_NOT_ALLOWED_ON_RDN | Indicates that the modify operation attempted to remove an attribute value that forms the entry's relative distinguished name. |
| 0x44 | 68 | LDAP_ALREADY_EXISTS | Indicates that the add operation attempted to add an entry that already exists, or that the modify operation attempted to rename an entry with the name of an entry that already exists. |
| 0x45 | 69 | LDAP_NO_OBJECT_CLASS_MODS | Indicates that the modify operation attempted to modify the structure rules of an object class. |
| 0x46 | 70 | LDAP_RESULTS_TOO_LARGE | Reserved for CLDAP. |
| 0x47 | 71 | LDAP_AFFECTS_MULTIPLE_DSAS | Indicates that the modify DN operation moves the entry from one LDAP server to another and thus requires more than one LDAP server. |
| | 72-79 | | Not used. |
| 0x50 | 80 | LDAP_OTHER | Indicates an unknown error condition. This is the default value for NDS error codes which do not map to other LDAP error codes. |
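
The following is an added example, not part of the original article or of any vendor tooling: it groups the server result codes above for log triage, so that repeated LDAP_INVALID_CREDENTIALS (49) results from one source stand out from non-error codes such as 5, 6, 10 and 14. The OpenLDAP-style log line format, the category names, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Server result codes from the table above; the grouping is this example's choice.
CATEGORIES = {
    "ok": {0, 5, 6, 10, 14},       # success, compare false/true, referral, SASL bind in progress
    "bad_credentials": {48, 49},   # inappropriate auth, invalid credentials
    "weak_session": {7, 8, 13},    # unsupported method, strong auth or confidentiality required
    "access_denied": {50},         # insufficient access
    "limit_hit": {3, 4, 11},       # time, size or administrative limit exceeded
}

# Assumed OpenLDAP-style access-log lines; adapt the patterns to your server.
ACCEPT = re.compile(r"conn=(\d+) .*ACCEPT from IP=([0-9.]+):\d+")
RESULT = re.compile(r"conn=(\d+) op=\d+ (?:SEARCH )?RESULT tag=\d+ err=(\d+)")

def classify(code):
    for name, codes in CATEGORIES.items():
        if code in codes:
            return name
    return "other_error"

def triage(lines, threshold=3):
    conn_ip, per_source = {}, defaultdict(Counter)
    for line in lines:
        accepted = ACCEPT.search(line)
        if accepted:  # remember which source address owns this connection id
            conn_ip[accepted.group(1)] = accepted.group(2)
            continue
        result = RESULT.search(line)
        if result:
            source = conn_ip.get(result.group(1), "unknown")
            per_source[source][classify(int(result.group(2)))] += 1
    flagged = sorted(s for s, c in per_source.items() if c["bad_credentials"] >= threshold)
    return per_source, flagged

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = """\
conn=1001 fd=12 ACCEPT from IP=192.0.2.10:40112 (IP=0.0.0.0:389)
conn=1001 op=0 RESULT tag=97 err=49 text=
conn=1001 op=1 RESULT tag=97 err=49 text=
conn=1001 op=2 RESULT tag=97 err=49 text=
conn=1002 fd=13 ACCEPT from IP=198.51.100.7:51544 (IP=0.0.0.0:389)
conn=1002 op=0 RESULT tag=97 err=13 text=
conn=1002 op=1 RESULT tag=111 err=6 text=
conn=1002 op=2 SEARCH RESULT tag=101 err=4 nentries=500 text=
""".splitlines()

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A source that keeps receiving code 13 or 8 is usually a client sending bind requests over an unprotected session, which is worth fixing on the client even though the server rejected the request.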
 
LDAP Client Return Codes
The following table lists the client return codes:
 
| Hex | Decimal | Name | Description |
|---|---|---|---|
| 0x51 | 81 | LDAP_SERVER_DOWN | Indicates that the LDAP libraries cannot establish an initial connection with the LDAP server. Either the LDAP server is down, or the specified host name or port number is incorrect. |
| 0x52 | 82 | LDAP_LOCAL_ERROR | Indicates that the LDAP client has an error. This is usually a failed dynamic memory allocation error. |
| 0x53 | 83 | LDAP_ENCODING_ERROR | Indicates that the LDAP client encountered errors when encoding an LDAP request intended for the LDAP server. |
| 0x54 | 84 | LDAP_DECODING_ERROR | Indicates that the LDAP client encountered errors when decoding an LDAP response from the LDAP server. |
| 0x55 | 85 | LDAP_TIMEOUT | Indicates that the time limit of the LDAP client was exceeded while waiting for a result. |
| 0x56 | 86 | LDAP_AUTH_UNKNOWN | Indicates that the ldap_bind or ldap_bind_s function was called with an unknown authentication method. |
| 0x57 | 87 | LDAP_FILTER_ERROR | Indicates that the ldap_search function was called with an invalid search filter. |
| 0x58 | 88 | LDAP_USER_CANCELLED | Indicates that the user cancelled the LDAP operation. |
| 0x59 | 89 | LDAP_PARAM_ERROR | Indicates that an LDAP function was called with an invalid parameter value (for example, the ID parameter is NULL). |
| 0x5A | 90 | LDAP_NO_MEMORY | Indicates that a dynamic memory allocation function failed when calling an LDAP function. |
| 0x5B | 91 | LDAP_CONNECT_ERROR | Indicates that the LDAP client has lost either its connection or cannot establish a connection to the LDAP server. |
| 0x5C | 92 | LDAP_NOT_SUPPORTED | Indicates that the client does not support the requested functionality. For example, if the LDAP client is established as an LDAPv2 client, the libraries set this error code when the client requests LDAPv3 functionality. |
| 0x5D | 93 | LDAP_CONTROL_NOT_FOUND | Indicates that the client requested a control that the libraries cannot find in the list of supported controls sent by the LDAP server. |
| 0x5E | 94 | LDAP_NO_RESULTS_RETURNED | Indicates that the LDAP server sent no results. When the ldap_parse_result function is called, no result code is included in the server's response. |
| 0x5F | 95 | LDAP_MORE_RESULTS_TO_RETURN | Indicates that more results are chained in the result message. The libraries set this code when the call to the ldap_parse_result function reveals that additional result codes are available. |
| 0x60 | 96 | LDAP_CLIENT_LOOP | Indicates the LDAP libraries detected a loop. Usually, this happens when following referrals. |
| 0x61 | 97 | LDAP_REFERRAL_LIMIT_EXCEEDED | Indicates that the referral exceeds the hop limit. The hop limit determines how many servers the client can hop through to retrieve data. For example, suppose the following conditions: The hop limit is two. The referral is to server D which can be contacted only through server B (1 hop) which contacts server C (2 hops) which contacts server D (3 hops). With these conditions, the hop limit is exceeded and the LDAP libraries set this code. |
 
LDAP-Associated RFC Standards
The following table describes the LDAP-associated RFC standards available for your use:
 
| RFC | Description |
|---|---|
| 1274 | The COSINE and Internet X.500 Schema |
| 1275 | Replication Requirements to provide an Internet Directory using X.500 |
| 1276 | Replication and Distributed Operations extensions to provide an Internet Directory using X.500 |
| 1308 | Executive Introduction to Directory Services Using the X.500 Protocol |
| 1309 | Technical Overview of Directory Services Using the X.500 Protocol |
| 1430 | A Strategic Plan for Deploying an Internet X.500 Directory Service |
| 1488 | The X.500 String Representation of Standard Attribute Syntaxes |
| 1558 | A String Representation of LDAP Search Filters |
| 1617 | Naming and Structuring Guidelines for X.500 Directory Pilots |
| 1777 | Lightweight Directory Access Protocol v2 |
| 1778 | The String Representation of Standard Attribute Syntaxes |
| 1779 | A String Representation of Distinguished Names |
| 1804 | Schema Publishing in X.500 Directory |
| 1823 | The LDAP Application Program Interface |
| 1959 | An LDAP URL Format |
| 1960 | A String Representation of LDAP Search Filters |
| 2044 | UTF-8, a transformation format of Unicode and ISO 10646 |
| 2164 | Use of an X.500/LDAP Directory to support MIXER address mapping |
| 2218 | A Common Schema for the Internet White Pages Service |
| 2247 | Using Domains in LDAP/X.500 Distinguished Names |
| 2251 | Lightweight Directory Access Protocol (v3) |
| 2252 | Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions |
| 2253 | Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names |
| 2254 | The String Representation of LDAP Search Filters |
| 2255 | The LDAP URL Format |
| 2256 | A Summary of the X.500(96) User Schema for use with LDAPv3 |
| 2279 | UTF-8, a transformation format of ISO 10646 |
| 2293 | Representing Tables and Subtrees in the X.500 Directory |
| 2294 | Representing the O/R Address hierarchy in the X.500 Directory Information Tree |
| 2307 | An Approach for Using LDAP as a Network Information Service |
| 2377 | Naming Plan for Internet Directory-Enabled Applications |
| 2531 | Content Feature Schema for Internet Fax |
| 2559 | Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2 |
| 2587 | Internet X.509 Public Key Infrastructure LDAPv2 Schema |
| 2589 | Lightweight Directory Access Protocol (v3): Extensions for Dynamic Directory Services |
| 2596 | Use of Language Codes in LDAP |
| 2649 | An LDAP Control and Schema for Holding Operation Signatures |
| 2657 | LDAPv2 Client vs. the Index Mesh |
| 2696 | LDAP Control Extension for Simple Paged Results Manipulation |
| 2713 | Schema for Representing Java(tm) Objects in an LDAP Directory |
| 2714 | Schema for Representing CORBA Object References in an LDAP Directory |
| 2739 | Calendar Attributes for vCard and LDAP |
| 2798 | Definition of the inetOrgPerson LDAP Object Class |
| 2820 | Access Control Requirements for LDAP |
| 2829 | Authentication Methods for LDAP |
| 2830 | Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security |
| 2849 | The LDAP Data Interchange Format (LDIF) - Technical Specification |
| 2879 | Content Feature Schema for Internet Fax (V2) |
| 2891 | LDAP Control Extension for Server Side Sorting of Search Results |
| 3045 | Storing Vendor Information in the LDAP root DSE |
| 3062 | LDAP Password Modify Extended Operation |
| 3112 | LDAP Authentication Password Schema |
| 3296 | Named Subordinate References in Lightweight Directory Access Protocol Directories |
| 3377 | Lightweight Directory Access Protocol (v3): Technical Specification |
| 3384 | Lightweight Directory Access Protocol (version 3) Replication Requirements |