From 802a00a01610ca703625d9d5c6f77121c0b787f9 Mon Sep 17 00:00:00 2001 From: Gavin Henry Date: Wed, 24 Oct 2007 15:43:19 +0000 Subject: [PATCH] Finish port of rfc4511 into appendix for error codes. Just need to give examples as to why a user would hit a certain error in relation to a slap*/ldap* tool --- .../admin/appendix-ldap-result-codes.sdf | 262 +++++++++++++++++- doc/guide/admin/aspell.en.pws | 36 ++- 2 files changed, 293 insertions(+), 5 deletions(-) diff --git a/doc/guide/admin/appendix-ldap-result-codes.sdf b/doc/guide/admin/appendix-ldap-result-codes.sdf index 6276441f98..501259e03e 100644 --- a/doc/guide/admin/appendix-ldap-result-codes.sdf +++ b/doc/guide/admin/appendix-ldap-result-codes.sdf @@ -4,6 +4,262 @@ H1: LDAP Result Codes -Port "Appendix A. LDAP Result Codes" from rfc4511 and add a small explanation -in addition to current one for ldap*/slap* tools, with the aim of fending off simple, recurring -questions on the lists. +For the purposes of this guide, we have incorporated the standard LDAP result +codes from {{Appendix A. LDAP Result Codes}} of rfc4511. A copy of which can +be found in {{F:doc/rfc}} of the OpenLDAP source code. + +We have expanded the description of each error in relation to the OpenLDAP +toolsets. + +H2: Non-Error Result Codes + +These result codes (called "non-error" result codes) do not indicate +an error condition: + +> success (0), +> compareFalse (5), +> compareTrue (6), +> referral (10), and +> saslBindInProgress (14). + +The {{success}}, {{compareTrue}}, and {{compareFalse}} result codes indicate +successful completion (and, hence, are referred to as "successful" +result codes). + +The {{referral}} and {{saslBindInProgress}} result codes indicate the client +needs to take additional action to complete the operation. + +H2: Result Codes + +Existing LDAP result codes are described as follows: + +H2: {{success (0)}} + +Indicates the successful completion of an operation. + +Note: this code is not used with the Compare operation. See {{SECT:compareFalse (5)}} +and {{SECT:compareTrue (6)}}. + +H2: {{operationsError (1)}} + +Indicates that the operation is not properly sequenced with +relation to other operations (of same or different type). + +For example, this code is returned if the client attempts to +StartTLS [RFC4346] while there are other uncompleted operations +or if a TLS layer was already installed. + +H2: {{protocolError (2)}} + +Indicates the server received data that is not well-formed. + +For Bind operation only, this code is also used to indicate +that the server does not support the requested protocol +version. + +For Extended operations only, this code is also used to +indicate that the server does not support (by design or +configuration) the Extended operation associated with the +{{requestName}}. + +For request operations specifying multiple controls, this may +be used to indicate that the server cannot ignore the order +of the controls as specified, or that the combination of the +specified controls is invalid or unspecified. + +H2: {{timeLimitExceeded (3)}} + +Indicates that the time limit specified by the client was +exceeded before the operation could be completed. + +H2: {{sizeLimitExceeded (4)}} + +Indicates that the size limit specified by the client was +exceeded before the operation could be completed. + +H2: {{compareFalse (5)}} + +Indicates that the Compare operation has successfully +completed and the assertion has evaluated to FALSE or +Undefined. + +H2: {{compareTrue (6)}} + +Indicates that the Compare operation has successfully +completed and the assertion has evaluated to TRUE. + +H2: {{authMethodNotSupported (7)}} + +Indicates that the authentication method or mechanism is not +supported. + +H2: {{strongerAuthRequired (8)}} + +Indicates the server requires strong(er) authentication in +order to complete the operation. + +When used with the Notice of Disconnection operation, this +code indicates that the server has detected that an +established security association between the client and +server has unexpectedly failed or been compromised. + +H2: {{referral (10)}} + +Indicates that a referral needs to be chased to complete the +operation (see Section 4.1.10). + +H2: {{adminLimitExceeded (11)}} + +Indicates that an administrative limit has been exceeded. + +H2: {{unavailableCriticalExtension (12)}} + +Indicates a critical control is unrecognized (see Section +4.1.11). + +H2: {{confidentialityRequired (13)}} + +Indicates that data confidentiality protections are required. + +H2: {{saslBindInProgress (14)}} + +Indicates the server requires the client to send a new bind +request, with the same SASL mechanism, to continue the +authentication process (see Section 4.2). + +H2: {{noSuchAttribute (16)}} + +Indicates that the named entry does not contain the specified +attribute or attribute value. + +H2: {{undefinedAttributeType (17)}} + +Indicates that a request field contains an unrecognized +attribute description. + +H2: {{inappropriateMatching (18)}} + +Indicates that an attempt was made (e.g., in an assertion) to +use a matching rule not defined for the attribute type +concerned. + +H2: {{constraintViolation (19)}} + +Indicates that the client supplied an attribute value that +does not conform to the constraints placed upon it by the +data model. + +For example, this code is returned when multiple values are +supplied to an attribute that has a SINGLE-VALUE constraint. + +H2: {{attributeOrValueExists (20)}} + +Indicates that the client supplied an attribute or value to +be added to an entry, but the attribute or value already +exists. + +H2: {{invalidAttributeSyntax (21)}} + +Indicates that a purported attribute value does not conform +to the syntax of the attribute. + +H2: {{noSuchObject (32)}} + +Indicates that the object does not exist in the DIT. + +H2: {{aliasProblem (33)}} + +Indicates that an alias problem has occurred. For example, +the code may used to indicate an alias has been dereferenced +that names no object. + +H2: {{invalidDNSyntax (34)}} + +Indicates that an LDAPDN or RelativeLDAPDN field (e.g., search +base, target entry, ModifyDN newrdn, etc.) of a request does +not conform to the required syntax or contains attribute +values that do not conform to the syntax of the attribute's +type. + +H2: {{aliasDereferencingProblem (36)}} + +Indicates that a problem occurred while dereferencing an +alias. Typically, an alias was encountered in a situation +where it was not allowed or where access was denied. + +H2: {{inappropriateAuthentication (48)}} + +Indicates the server requires the client that had attempted +to bind anonymously or without supplying credentials to +provide some form of credentials. + +H2: {{invalidCredentials (49)}} + +Indicates that the provided credentials (e.g., the user's name +and password) are invalid. + +H2: {{insufficientAccessRights (50)}} + +Indicates that the client does not have sufficient access +rights to perform the operation. + +H2: {{busy (51)}} + +Indicates that the server is too busy to service the +operation. + +H2: {{unavailable (52)}} + +Indicates that the server is shutting down or a subsystem +necessary to complete the operation is offline. + +H2: {{unwillingToPerform (53)}} + +Indicates that the server is unwilling to perform the +operation. + +H2: {{loopDetect (54)}} + +Indicates that the server has detected an internal loop (e.g., +while dereferencing aliases or chaining an operation). + +H2: {{namingViolation (64)}} + +Indicates that the entry's name violates naming restrictions. + +H2: {{objectClassViolation (65)}} + +Indicates that the entry violates object class restrictions. + +H2: {{notAllowedOnNonLeaf (66)}} + +Indicates that the operation is inappropriately acting upon a +non-leaf entry. + +H2: {{notAllowedOnRDN (67)}} + +Indicates that the operation is inappropriately attempting to +remove a value that forms the entry's relative distinguished +name. + +H2: {{entryAlreadyExists (68)}} + +Indicates that the request cannot be fulfilled (added, moved, +or renamed) as the target entry already exists. + +H2: {{objectClassModsProhibited (69)}} + +Indicates that an attempt to modify the object class(es) of +an entry's 'objectClass' attribute is prohibited. + +For example, this code is returned when a client attempts to +modify the structural object class of an entry. + +H2: {{affectsMultipleDSAs (71)}} + +Indicates that the operation cannot be performed as it would +affect multiple servers (DSAs). + +H2: {{other (80)}} + +Indicates the server has encountered an internal error. diff --git a/doc/guide/admin/aspell.en.pws b/doc/guide/admin/aspell.en.pws index f2fedf6b62..13db2b8acd 100644 --- a/doc/guide/admin/aspell.en.pws +++ b/doc/guide/admin/aspell.en.pws @@ -1,4 +1,4 @@ -personal_ws-1.1 en 1451 +personal_ws-1.1 en 1483 nattrsets inappropriateAuthentication api @@ -145,11 +145,14 @@ mkversion objectClasses objectclasses searchResultReference +adminLimitExceeded fmt qdescrs olcSuffix +objectClassModsProhibited supportedControl GHz +unavailableCriticalExtension libpath INADDR compareDN @@ -157,6 +160,7 @@ sizelimit unixODBC APIs blen +notAllowedOnNonLeaf attrsOnly attrsonly slappasswd @@ -168,6 +172,7 @@ syncIdSet olcTLSCipherSuite username sizeLimitExceeded +aliasProblem subst idl chroot @@ -178,6 +183,7 @@ ZKKuqbEKJfKSXhUbHG reqRespControls TLSCertificateKeyFile olcAccess +aliasDereferencingProblem proxyTemplates neverDerefaliases RootDN @@ -199,8 +205,10 @@ dataflow subentries attrpair balancer +entryAlreadyExists BerkeleyDB's singleLevel +notAllowedOnRDN entryDN dSAOperation includedir @@ -296,6 +304,7 @@ newPasswdFile ucdata LLL confdir +invalidCredentials BerValues olcDbLinearIndex Elfrink @@ -484,12 +493,14 @@ searchAttrDN cctrls tcp kadmin +undefinedAttributeType strlen spellcheck ludpp typedef olcDbIDLcacheSize ostring +toolsets mwrscdx SMD UCD @@ -517,6 +528,7 @@ src lastName ufn cron +RelativeLDAPDN sql pwdPolicyChecker uid @@ -574,6 +586,7 @@ pwdPolicy slapd sasl slapauth +affectsMultipleDSAs MANCOMPRESS octetStringOrderingStringMatch updatedn @@ -607,6 +620,7 @@ freemods initgroups auditCompare GDBM +DSAs DSA's dsaschema compareFalse @@ -651,6 +665,7 @@ de reqAuthzID backend's backends +requestName cn lcrypto infodir @@ -709,9 +724,11 @@ syslogged mk ng oc +invalidAttributeSyntax errOp pwdMaxAge truelies +insufficientAccessRights NL mr reindex @@ -735,6 +752,7 @@ slapover RL sockname MANCOMPRESSSUFFIX +noSuchAttribute makeinfo coltags ro @@ -764,9 +782,10 @@ xf param MChAODQ caseExactIA -Vu Za +Vu idlecachesize +objectClassViolation ws errSleepTime INSTALLFLAGS @@ -1049,6 +1068,7 @@ kbyte modifiersName keytbl olcHdbConfig +constraintViolation README memcalloc inet @@ -1076,6 +1096,7 @@ Locators bvalues reqResult impl +strongerAuthRequired outvalue returnCode returncode @@ -1085,6 +1106,7 @@ dnssrv ciphersuite auditlog reqControls +protocolError notypes myAttributeType stringbv @@ -1153,6 +1175,7 @@ http uppercased Poobah libldap +invalidDNSyntax ldap ldbm ursula @@ -1192,7 +1215,9 @@ bvfree sleeptime pwdCheckQuality msgidp +confidentialityRequired pwdAttribute +authMethodNotSupported chown PRNGD LDAPRDN @@ -1259,6 +1284,7 @@ databasetype woid numericStringOrderingMatch clientctrls +inappropriateMatching RetCodes ldapc pwdAccountLockedTime @@ -1297,10 +1323,12 @@ olcObjectIdentifier endblock proxyAuthz pagedResults +saslBindInProgress bitstring ACLs berptr olcModuleLoad +namingViolation attributetype attributeType auditModRDN @@ -1357,6 +1385,7 @@ bindDn bindDN binddn methodp +timeLimitExceeded timelimitExceeded pwdInHistory LTSTATIC @@ -1373,6 +1402,7 @@ GnuTLS postread timeval DHAVE +loopDetect caseIgnoreSubstringsMatch monitorIsShadow syncdata @@ -1397,6 +1427,7 @@ RANDFILE attrlist aci directoryOperation +compareTrue selfwrite pwdReset acl @@ -1416,6 +1447,7 @@ userid Kumar AES bdb +attributeOrValueExists manageDSAit ManageDsaIT bindpw -- 2.39.5