1# $OpenLDAP$ 2# Copyright 2007-2017 The OpenLDAP Foundation, All Rights Reserved. 3# COPYING RESTRICTIONS APPLY, see COPYRIGHT. 4 5H1: LDAP Result Codes 6 7For the purposes of this guide, we have incorporated the standard LDAP result 8codes from {{Appendix A. LDAP Result Codes}} of {{REF:RFC4511}}, a copy of which can 9be found in {{F:doc/rfc}} of the OpenLDAP source code. 10 11We have expanded the description of each error in relation to the OpenLDAP 12toolsets. 13LDAP extensions may introduce extension-specific result codes, which are not part 14of RFC4511. 15OpenLDAP returns the result codes related to extensions it implements. 16Their meaning is documented in the extension they are related to. 17 18H2: Non-Error Result Codes 19 20These result codes (called "non-error" result codes) do not indicate 21an error condition: 22 23> success (0), 24> compareFalse (5), 25> compareTrue (6), 26> referral (10), and 27> saslBindInProgress (14). 28 29The {{success}}, {{compareTrue}}, and {{compareFalse}} result codes indicate 30successful completion (and, hence, are referred to as "successful" 31result codes). 32 33The {{referral}} and {{saslBindInProgress}} result codes indicate the client 34needs to take additional action to complete the operation. 35 36H2: Result Codes 37 38Existing LDAP result codes are described as follows: 39 40H2: success (0) 41 42Indicates the successful completion of an operation. 43 44Note: this code is not used with the Compare operation. See {{SECT:compareFalse (5)}} 45and {{SECT:compareTrue (6)}}. 46 47H2: operationsError (1) 48 49Indicates that the operation is not properly sequenced with 50relation to other operations (of same or different type). 51 52For example, this code is returned if the client attempts to 53StartTLS ({{REF:RFC4511}} Section 4.14) while there are other uncompleted operations 54or if a TLS layer was already installed. 55 56H2: protocolError (2) 57 58Indicates the server received data that is not well-formed. 59 60For Bind operation only, this code is also used to indicate 61that the server does not support the requested protocol 62version. 63 64For Extended operations only, this code is also used to 65indicate that the server does not support (by design or 66configuration) the Extended operation associated with the 67{{requestName}}. 68 69For request operations specifying multiple controls, this may 70be used to indicate that the server cannot ignore the order 71of the controls as specified, or that the combination of the 72specified controls is invalid or unspecified. 73 74H2: timeLimitExceeded (3) 75 76Indicates that the time limit specified by the client was 77exceeded before the operation could be completed. 78 79H2: sizeLimitExceeded (4) 80 81Indicates that the size limit specified by the client was 82exceeded before the operation could be completed. 83 84H2: compareFalse (5) 85 86Indicates that the Compare operation has successfully 87completed and the assertion has evaluated to FALSE or 88Undefined. 89 90H2: compareTrue (6) 91 92Indicates that the Compare operation has successfully 93completed and the assertion has evaluated to TRUE. 94 95H2: authMethodNotSupported (7) 96 97Indicates that the authentication method or mechanism is not 98supported. 99 100H2: strongerAuthRequired (8) 101 102Indicates the server requires strong(er) authentication in 103order to complete the operation. 104 105When used with the Notice of Disconnection operation, this 106code indicates that the server has detected that an 107established security association between the client and 108server has unexpectedly failed or been compromised. 109 110H2: referral (10) 111 112Indicates that a referral needs to be chased to complete the 113operation (see {{REF:RFC4511}} Section 4.1.10). 114 115H2: adminLimitExceeded (11) 116 117Indicates that an administrative limit has been exceeded. 118 119H2: unavailableCriticalExtension (12) 120 121Indicates a critical control is unrecognized (see {{REF:RFC4511}} Section 1224.1.11). 123 124H2: confidentialityRequired (13) 125 126Indicates that data confidentiality protections are required. 127 128H2: saslBindInProgress (14) 129 130Indicates the server requires the client to send a new bind 131request, with the same SASL mechanism, to continue the 132authentication process (see {{REF:RFC4511}} Section 4.2). 133 134H2: noSuchAttribute (16) 135 136Indicates that the named entry does not contain the specified 137attribute or attribute value. 138 139H2: undefinedAttributeType (17) 140 141Indicates that a request field contains an unrecognized 142attribute description. 143 144H2: inappropriateMatching (18) 145 146Indicates that an attempt was made (e.g., in an assertion) to 147use a matching rule not defined for the attribute type 148concerned. 149 150H2: constraintViolation (19) 151 152Indicates that the client supplied an attribute value that 153does not conform to the constraints placed upon it by the 154data model. 155 156For example, this code is returned when multiple values are 157supplied to an attribute that has a SINGLE-VALUE constraint. 158 159H2: attributeOrValueExists (20) 160 161Indicates that the client supplied an attribute or value to 162be added to an entry, but the attribute or value already 163exists. 164 165H2: invalidAttributeSyntax (21) 166 167Indicates that a purported attribute value does not conform 168to the syntax of the attribute. 169 170H2: noSuchObject (32) 171 172Indicates that the object does not exist in the DIT. 173 174H2: aliasProblem (33) 175 176Indicates that an alias problem has occurred. For example, 177the code may used to indicate an alias has been dereferenced 178that names no object. 179 180H2: invalidDNSyntax (34) 181 182Indicates that an LDAPDN or RelativeLDAPDN field (e.g., search 183base, target entry, ModifyDN newrdn, etc.) of a request does 184not conform to the required syntax or contains attribute 185values that do not conform to the syntax of the attribute's 186type. 187 188H2: aliasDereferencingProblem (36) 189 190Indicates that a problem occurred while dereferencing an 191alias. Typically, an alias was encountered in a situation 192where it was not allowed or where access was denied. 193 194H2: inappropriateAuthentication (48) 195 196Indicates the server requires the client that had attempted 197to bind anonymously or without supplying credentials to 198provide some form of credentials. 199 200H2: invalidCredentials (49) 201 202Indicates that the provided credentials (e.g., the user's name 203and password) are invalid. 204 205H2: insufficientAccessRights (50) 206 207Indicates that the client does not have sufficient access 208rights to perform the operation. 209 210H2: busy (51) 211 212Indicates that the server is too busy to service the 213operation. 214 215H2: unavailable (52) 216 217Indicates that the server is shutting down or a subsystem 218necessary to complete the operation is offline. 219 220H2: unwillingToPerform (53) 221 222Indicates that the server is unwilling to perform the 223operation. 224 225H2: loopDetect (54) 226 227Indicates that the server has detected an internal loop (e.g., 228while dereferencing aliases or chaining an operation). 229 230H2: namingViolation (64) 231 232Indicates that the entry's name violates naming restrictions. 233 234H2: objectClassViolation (65) 235 236Indicates that the entry violates object class restrictions. 237 238H2: notAllowedOnNonLeaf (66) 239 240Indicates that the operation is inappropriately acting upon a 241non-leaf entry. 242 243H2: notAllowedOnRDN (67) 244 245Indicates that the operation is inappropriately attempting to 246remove a value that forms the entry's relative distinguished 247name. 248 249H2: entryAlreadyExists (68) 250 251Indicates that the request cannot be fulfilled (added, moved, 252or renamed) as the target entry already exists. 253 254H2: objectClassModsProhibited (69) 255 256Indicates that an attempt to modify the object class(es) of 257an entry's 'objectClass' attribute is prohibited. 258 259For example, this code is returned when a client attempts to 260modify the structural object class of an entry. 261 262H2: affectsMultipleDSAs (71) 263 264Indicates that the operation cannot be performed as it would 265affect multiple servers (DSAs). 266 267H2: other (80) 268 269Indicates the server has encountered an internal error. 270