1# $OpenLDAP: pkg/openldap-guide/admin/appendix-ldap-result-codes.sdf,v 1.1.2.4 2008/02/11 23:26:39 kurt Exp $ 2# Copyright 2007-2008 The OpenLDAP Foundation, All Rights Reserved. 3# COPYING RESTRICTIONS APPLY, see COPYRIGHT. 4 5H1: LDAP Result Codes 6 7For the purposes of this guide, we have incorporated the standard LDAP result 8codes from {{Appendix A. LDAP Result Codes}} of rfc4511. A copy of which can 9be found in {{F:doc/rfc}} of the OpenLDAP source code. 10 11We have expanded the description of each error in relation to the OpenLDAP 12toolsets. 13 14H2: Non-Error Result Codes 15 16These result codes (called "non-error" result codes) do not indicate 17an error condition: 18 19> success (0), 20> compareFalse (5), 21> compareTrue (6), 22> referral (10), and 23> saslBindInProgress (14). 24 25The {{success}}, {{compareTrue}}, and {{compareFalse}} result codes indicate 26successful completion (and, hence, are referred to as "successful" 27result codes). 28 29The {{referral}} and {{saslBindInProgress}} result codes indicate the client 30needs to take additional action to complete the operation. 31 32H2: Result Codes 33 34Existing LDAP result codes are described as follows: 35 36H2: {{success (0)}} 37 38Indicates the successful completion of an operation. 39 40Note: this code is not used with the Compare operation. See {{SECT:compareFalse (5)}} 41and {{SECT:compareTrue (6)}}. 42 43H2: {{operationsError (1)}} 44 45Indicates that the operation is not properly sequenced with 46relation to other operations (of same or different type). 47 48For example, this code is returned if the client attempts to 49StartTLS [RFC4346] while there are other uncompleted operations 50or if a TLS layer was already installed. 51 52H2: {{protocolError (2)}} 53 54Indicates the server received data that is not well-formed. 55 56For Bind operation only, this code is also used to indicate 57that the server does not support the requested protocol 58version. 59 60For Extended operations only, this code is also used to 61indicate that the server does not support (by design or 62configuration) the Extended operation associated with the 63{{requestName}}. 64 65For request operations specifying multiple controls, this may 66be used to indicate that the server cannot ignore the order 67of the controls as specified, or that the combination of the 68specified controls is invalid or unspecified. 69 70H2: {{timeLimitExceeded (3)}} 71 72Indicates that the time limit specified by the client was 73exceeded before the operation could be completed. 74 75H2: {{sizeLimitExceeded (4)}} 76 77Indicates that the size limit specified by the client was 78exceeded before the operation could be completed. 79 80H2: {{compareFalse (5)}} 81 82Indicates that the Compare operation has successfully 83completed and the assertion has evaluated to FALSE or 84Undefined. 85 86H2: {{compareTrue (6)}} 87 88Indicates that the Compare operation has successfully 89completed and the assertion has evaluated to TRUE. 90 91H2: {{authMethodNotSupported (7)}} 92 93Indicates that the authentication method or mechanism is not 94supported. 95 96H2: {{strongerAuthRequired (8)}} 97 98Indicates the server requires strong(er) authentication in 99order to complete the operation. 100 101When used with the Notice of Disconnection operation, this 102code indicates that the server has detected that an 103established security association between the client and 104server has unexpectedly failed or been compromised. 105 106H2: {{referral (10)}} 107 108Indicates that a referral needs to be chased to complete the 109operation (see Section 4.1.10). 110 111H2: {{adminLimitExceeded (11)}} 112 113Indicates that an administrative limit has been exceeded. 114 115H2: {{unavailableCriticalExtension (12)}} 116 117Indicates a critical control is unrecognized (see Section 1184.1.11). 119 120H2: {{confidentialityRequired (13)}} 121 122Indicates that data confidentiality protections are required. 123 124H2: {{saslBindInProgress (14)}} 125 126Indicates the server requires the client to send a new bind 127request, with the same SASL mechanism, to continue the 128authentication process (see Section 4.2). 129 130H2: {{noSuchAttribute (16)}} 131 132Indicates that the named entry does not contain the specified 133attribute or attribute value. 134 135H2: {{undefinedAttributeType (17)}} 136 137Indicates that a request field contains an unrecognized 138attribute description. 139 140H2: {{inappropriateMatching (18)}} 141 142Indicates that an attempt was made (e.g., in an assertion) to 143use a matching rule not defined for the attribute type 144concerned. 145 146H2: {{constraintViolation (19)}} 147 148Indicates that the client supplied an attribute value that 149does not conform to the constraints placed upon it by the 150data model. 151 152For example, this code is returned when multiple values are 153supplied to an attribute that has a SINGLE-VALUE constraint. 154 155H2: {{attributeOrValueExists (20)}} 156 157Indicates that the client supplied an attribute or value to 158be added to an entry, but the attribute or value already 159exists. 160 161H2: {{invalidAttributeSyntax (21)}} 162 163Indicates that a purported attribute value does not conform 164to the syntax of the attribute. 165 166H2: {{noSuchObject (32)}} 167 168Indicates that the object does not exist in the DIT. 169 170H2: {{aliasProblem (33)}} 171 172Indicates that an alias problem has occurred. For example, 173the code may used to indicate an alias has been dereferenced 174that names no object. 175 176H2: {{invalidDNSyntax (34)}} 177 178Indicates that an LDAPDN or RelativeLDAPDN field (e.g., search 179base, target entry, ModifyDN newrdn, etc.) of a request does 180not conform to the required syntax or contains attribute 181values that do not conform to the syntax of the attribute's 182type. 183 184H2: {{aliasDereferencingProblem (36)}} 185 186Indicates that a problem occurred while dereferencing an 187alias. Typically, an alias was encountered in a situation 188where it was not allowed or where access was denied. 189 190H2: {{inappropriateAuthentication (48)}} 191 192Indicates the server requires the client that had attempted 193to bind anonymously or without supplying credentials to 194provide some form of credentials. 195 196H2: {{invalidCredentials (49)}} 197 198Indicates that the provided credentials (e.g., the user's name 199and password) are invalid. 200 201H2: {{insufficientAccessRights (50)}} 202 203Indicates that the client does not have sufficient access 204rights to perform the operation. 205 206H2: {{busy (51)}} 207 208Indicates that the server is too busy to service the 209operation. 210 211H2: {{unavailable (52)}} 212 213Indicates that the server is shutting down or a subsystem 214necessary to complete the operation is offline. 215 216H2: {{unwillingToPerform (53)}} 217 218Indicates that the server is unwilling to perform the 219operation. 220 221H2: {{loopDetect (54)}} 222 223Indicates that the server has detected an internal loop (e.g., 224while dereferencing aliases or chaining an operation). 225 226H2: {{namingViolation (64)}} 227 228Indicates that the entry's name violates naming restrictions. 229 230H2: {{objectClassViolation (65)}} 231 232Indicates that the entry violates object class restrictions. 233 234H2: {{notAllowedOnNonLeaf (66)}} 235 236Indicates that the operation is inappropriately acting upon a 237non-leaf entry. 238 239H2: {{notAllowedOnRDN (67)}} 240 241Indicates that the operation is inappropriately attempting to 242remove a value that forms the entry's relative distinguished 243name. 244 245H2: {{entryAlreadyExists (68)}} 246 247Indicates that the request cannot be fulfilled (added, moved, 248or renamed) as the target entry already exists. 249 250H2: {{objectClassModsProhibited (69)}} 251 252Indicates that an attempt to modify the object class(es) of 253an entry's 'objectClass' attribute is prohibited. 254 255For example, this code is returned when a client attempts to 256modify the structural object class of an entry. 257 258H2: {{affectsMultipleDSAs (71)}} 259 260Indicates that the operation cannot be performed as it would 261affect multiple servers (DSAs). 262 263H2: {{other (80)}} 264 265Indicates the server has encountered an internal error. 266