2 # Copyright 2007-2017 The OpenLDAP Foundation, All Rights Reserved.
3 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
7 For the purposes of this guide, we have incorporated the standard LDAP result
8 codes from {{Appendix A. LDAP Result Codes}} of {{REF:RFC4511}}, a copy of which can
9 be found in {{F:doc/rfc}} of the OpenLDAP source code.
11 We have expanded the description of each error in relation to the OpenLDAP
13 LDAP extensions may introduce extension-specific result codes, which are not part
15 OpenLDAP returns the result codes related to extensions it implements.
16 Their meaning is documented in the extension they are related to.
18 H2: Non-Error Result Codes
20 These result codes (called "non-error" result codes) do not indicate
27 > saslBindInProgress (14).
29 The {{success}}, {{compareTrue}}, and {{compareFalse}} result codes indicate
30 successful completion (and, hence, are referred to as "successful"
33 The {{referral}} and {{saslBindInProgress}} result codes indicate the client
34 needs to take additional action to complete the operation.
38 Existing LDAP result codes are described as follows:
42 Indicates the successful completion of an operation.
44 Note: this code is not used with the Compare operation. See {{SECT:compareFalse (5)}}
45 and {{SECT:compareTrue (6)}}.
47 H2: operationsError (1)
49 Indicates that the operation is not properly sequenced with
50 relation to other operations (of same or different type).
52 For example, this code is returned if the client attempts to
53 StartTLS ({{REF:RFC4511}} Section 4.14) while there are other uncompleted operations
54 or if a TLS layer was already installed.
58 Indicates the server received data that is not well-formed.
60 For Bind operation only, this code is also used to indicate
61 that the server does not support the requested protocol
64 For Extended operations only, this code is also used to
65 indicate that the server does not support (by design or
66 configuration) the Extended operation associated with the
69 For request operations specifying multiple controls, this may
70 be used to indicate that the server cannot ignore the order
71 of the controls as specified, or that the combination of the
72 specified controls is invalid or unspecified.
74 H2: timeLimitExceeded (3)
76 Indicates that the time limit specified by the client was
77 exceeded before the operation could be completed.
79 H2: sizeLimitExceeded (4)
81 Indicates that the size limit specified by the client was
82 exceeded before the operation could be completed.
86 Indicates that the Compare operation has successfully
87 completed and the assertion has evaluated to FALSE or
92 Indicates that the Compare operation has successfully
93 completed and the assertion has evaluated to TRUE.
95 H2: authMethodNotSupported (7)
97 Indicates that the authentication method or mechanism is not
100 H2: strongerAuthRequired (8)
102 Indicates the server requires strong(er) authentication in
103 order to complete the operation.
105 When used with the Notice of Disconnection operation, this
106 code indicates that the server has detected that an
107 established security association between the client and
108 server has unexpectedly failed or been compromised.
112 Indicates that a referral needs to be chased to complete the
113 operation (see {{REF:RFC4511}} Section 4.1.10).
115 H2: adminLimitExceeded (11)
117 Indicates that an administrative limit has been exceeded.
119 H2: unavailableCriticalExtension (12)
121 Indicates a critical control is unrecognized (see {{REF:RFC4511}} Section
124 H2: confidentialityRequired (13)
126 Indicates that data confidentiality protections are required.
128 H2: saslBindInProgress (14)
130 Indicates the server requires the client to send a new bind
131 request, with the same SASL mechanism, to continue the
132 authentication process (see {{REF:RFC4511}} Section 4.2).
134 H2: noSuchAttribute (16)
136 Indicates that the named entry does not contain the specified
137 attribute or attribute value.
139 H2: undefinedAttributeType (17)
141 Indicates that a request field contains an unrecognized
142 attribute description.
144 H2: inappropriateMatching (18)
146 Indicates that an attempt was made (e.g., in an assertion) to
147 use a matching rule not defined for the attribute type
150 H2: constraintViolation (19)
152 Indicates that the client supplied an attribute value that
153 does not conform to the constraints placed upon it by the
156 For example, this code is returned when multiple values are
157 supplied to an attribute that has a SINGLE-VALUE constraint.
159 H2: attributeOrValueExists (20)
161 Indicates that the client supplied an attribute or value to
162 be added to an entry, but the attribute or value already
165 H2: invalidAttributeSyntax (21)
167 Indicates that a purported attribute value does not conform
168 to the syntax of the attribute.
170 H2: noSuchObject (32)
172 Indicates that the object does not exist in the DIT.
174 H2: aliasProblem (33)
176 Indicates that an alias problem has occurred. For example,
177 the code may used to indicate an alias has been dereferenced
178 that names no object.
180 H2: invalidDNSyntax (34)
182 Indicates that an LDAPDN or RelativeLDAPDN field (e.g., search
183 base, target entry, ModifyDN newrdn, etc.) of a request does
184 not conform to the required syntax or contains attribute
185 values that do not conform to the syntax of the attribute's
188 H2: aliasDereferencingProblem (36)
190 Indicates that a problem occurred while dereferencing an
191 alias. Typically, an alias was encountered in a situation
192 where it was not allowed or where access was denied.
194 H2: inappropriateAuthentication (48)
196 Indicates the server requires the client that had attempted
197 to bind anonymously or without supplying credentials to
198 provide some form of credentials.
200 H2: invalidCredentials (49)
202 Indicates that the provided credentials (e.g., the user's name
203 and password) are invalid.
205 H2: insufficientAccessRights (50)
207 Indicates that the client does not have sufficient access
208 rights to perform the operation.
212 Indicates that the server is too busy to service the
217 Indicates that the server is shutting down or a subsystem
218 necessary to complete the operation is offline.
220 H2: unwillingToPerform (53)
222 Indicates that the server is unwilling to perform the
227 Indicates that the server has detected an internal loop (e.g.,
228 while dereferencing aliases or chaining an operation).
230 H2: namingViolation (64)
232 Indicates that the entry's name violates naming restrictions.
234 H2: objectClassViolation (65)
236 Indicates that the entry violates object class restrictions.
238 H2: notAllowedOnNonLeaf (66)
240 Indicates that the operation is inappropriately acting upon a
243 H2: notAllowedOnRDN (67)
245 Indicates that the operation is inappropriately attempting to
246 remove a value that forms the entry's relative distinguished
249 H2: entryAlreadyExists (68)
251 Indicates that the request cannot be fulfilled (added, moved,
252 or renamed) as the target entry already exists.
254 H2: objectClassModsProhibited (69)
256 Indicates that an attempt to modify the object class(es) of
257 an entry's 'objectClass' attribute is prohibited.
259 For example, this code is returned when a client attempts to
260 modify the structural object class of an entry.
262 H2: affectsMultipleDSAs (71)
264 Indicates that the operation cannot be performed as it would
265 affect multiple servers (DSAs).
269 Indicates the server has encountered an internal error.