diff options
Diffstat (limited to 'doc/guide/admin/appendix-ldap-result-codes.sdf')
-rw-r--r-- | doc/guide/admin/appendix-ldap-result-codes.sdf | 269 |
1 files changed, 269 insertions, 0 deletions
diff --git a/doc/guide/admin/appendix-ldap-result-codes.sdf b/doc/guide/admin/appendix-ldap-result-codes.sdf new file mode 100644 index 0000000..d54d6f5 --- /dev/null +++ b/doc/guide/admin/appendix-ldap-result-codes.sdf @@ -0,0 +1,269 @@ +# $OpenLDAP$ +# Copyright 2007-2022 The OpenLDAP Foundation, All Rights Reserved. +# COPYING RESTRICTIONS APPLY, see COPYRIGHT. + +H1: LDAP Result Codes + +For the purposes of this guide, we have incorporated the standard LDAP result +codes from {{Appendix A. LDAP Result Codes}} of {{REF:RFC4511}}, a copy of which can +be found in {{F:doc/rfc}} of the OpenLDAP source code. + +We have expanded the description of each error in relation to the OpenLDAP +toolsets. +LDAP extensions may introduce extension-specific result codes, which are not part +of RFC4511. +OpenLDAP returns the result codes related to extensions it implements. +Their meaning is documented in the extension they are related to. + +H2: Non-Error Result Codes + +These result codes (called "non-error" result codes) do not indicate +an error condition: + +> success (0), +> compareFalse (5), +> compareTrue (6), +> referral (10), and +> saslBindInProgress (14). + +The {{success}}, {{compareTrue}}, and {{compareFalse}} result codes indicate +successful completion (and, hence, are referred to as "successful" +result codes). + +The {{referral}} and {{saslBindInProgress}} result codes indicate the client +needs to take additional action to complete the operation. + +H2: Result Codes + +Existing LDAP result codes are described as follows: + +H2: success (0) + +Indicates the successful completion of an operation. + +Note: this code is not used with the Compare operation. See {{SECT:compareFalse (5)}} +and {{SECT:compareTrue (6)}}. + +H2: operationsError (1) + +Indicates that the operation is not properly sequenced with +relation to other operations (of same or different type). + +For example, this code is returned if the client attempts to +StartTLS ({{REF:RFC4511}} Section 4.14) while there are other uncompleted operations +or if a TLS layer was already installed. + +H2: protocolError (2) + +Indicates the server received data that is not well-formed. + +For Bind operation only, this code is also used to indicate +that the server does not support the requested protocol +version. + +For Extended operations only, this code is also used to +indicate that the server does not support (by design or +configuration) the Extended operation associated with the +{{requestName}}. + +For request operations specifying multiple controls, this may +be used to indicate that the server cannot ignore the order +of the controls as specified, or that the combination of the +specified controls is invalid or unspecified. + +H2: timeLimitExceeded (3) + +Indicates that the time limit specified by the client was +exceeded before the operation could be completed. + +H2: sizeLimitExceeded (4) + +Indicates that the size limit specified by the client was +exceeded before the operation could be completed. + +H2: compareFalse (5) + +Indicates that the Compare operation has successfully +completed and the assertion has evaluated to FALSE or +Undefined. + +H2: compareTrue (6) + +Indicates that the Compare operation has successfully +completed and the assertion has evaluated to TRUE. + +H2: authMethodNotSupported (7) + +Indicates that the authentication method or mechanism is not +supported. + +H2: strongerAuthRequired (8) + +Indicates the server requires strong(er) authentication in +order to complete the operation. + +When used with the Notice of Disconnection operation, this +code indicates that the server has detected that an +established security association between the client and +server has unexpectedly failed or been compromised. + +H2: referral (10) + +Indicates that a referral needs to be chased to complete the +operation (see {{REF:RFC4511}} Section 4.1.10). + +H2: adminLimitExceeded (11) + +Indicates that an administrative limit has been exceeded. + +H2: unavailableCriticalExtension (12) + +Indicates a critical control is unrecognized (see {{REF:RFC4511}} Section +4.1.11). + +H2: confidentialityRequired (13) + +Indicates that data confidentiality protections are required. + +H2: saslBindInProgress (14) + +Indicates the server requires the client to send a new bind +request, with the same SASL mechanism, to continue the +authentication process (see {{REF:RFC4511}} Section 4.2). + +H2: noSuchAttribute (16) + +Indicates that the named entry does not contain the specified +attribute or attribute value. + +H2: undefinedAttributeType (17) + +Indicates that a request field contains an unrecognized +attribute description. + +H2: inappropriateMatching (18) + +Indicates that an attempt was made (e.g., in an assertion) to +use a matching rule not defined for the attribute type +concerned. + +H2: constraintViolation (19) + +Indicates that the client supplied an attribute value that +does not conform to the constraints placed upon it by the +data model. + +For example, this code is returned when multiple values are +supplied to an attribute that has a SINGLE-VALUE constraint. + +H2: attributeOrValueExists (20) + +Indicates that the client supplied an attribute or value to +be added to an entry, but the attribute or value already +exists. + +H2: invalidAttributeSyntax (21) + +Indicates that a purported attribute value does not conform +to the syntax of the attribute. + +H2: noSuchObject (32) + +Indicates that the object does not exist in the DIT. + +H2: aliasProblem (33) + +Indicates that an alias problem has occurred. For example, +the code may used to indicate an alias has been dereferenced +that names no object. + +H2: invalidDNSyntax (34) + +Indicates that an LDAPDN or RelativeLDAPDN field (e.g., search +base, target entry, ModifyDN newrdn, etc.) of a request does +not conform to the required syntax or contains attribute +values that do not conform to the syntax of the attribute's +type. + +H2: aliasDereferencingProblem (36) + +Indicates that a problem occurred while dereferencing an +alias. Typically, an alias was encountered in a situation +where it was not allowed or where access was denied. + +H2: inappropriateAuthentication (48) + +Indicates the server requires the client that had attempted +to bind anonymously or without supplying credentials to +provide some form of credentials. + +H2: invalidCredentials (49) + +Indicates that the provided credentials (e.g., the user's name +and password) are invalid. + +H2: insufficientAccessRights (50) + +Indicates that the client does not have sufficient access +rights to perform the operation. + +H2: busy (51) + +Indicates that the server is too busy to service the +operation. + +H2: unavailable (52) + +Indicates that the server is shutting down or a subsystem +necessary to complete the operation is offline. + +H2: unwillingToPerform (53) + +Indicates that the server is unwilling to perform the +operation. + +H2: loopDetect (54) + +Indicates that the server has detected an internal loop (e.g., +while dereferencing aliases or chaining an operation). + +H2: namingViolation (64) + +Indicates that the entry's name violates naming restrictions. + +H2: objectClassViolation (65) + +Indicates that the entry violates object class restrictions. + +H2: notAllowedOnNonLeaf (66) + +Indicates that the operation is inappropriately acting upon a +non-leaf entry. + +H2: notAllowedOnRDN (67) + +Indicates that the operation is inappropriately attempting to +remove a value that forms the entry's relative distinguished +name. + +H2: entryAlreadyExists (68) + +Indicates that the request cannot be fulfilled (added, moved, +or renamed) as the target entry already exists. + +H2: objectClassModsProhibited (69) + +Indicates that an attempt to modify the object class(es) of +an entry's 'objectClass' attribute is prohibited. + +For example, this code is returned when a client attempts to +modify the structural object class of an entry. + +H2: affectsMultipleDSAs (71) + +Indicates that the operation cannot be performed as it would +affect multiple servers (DSAs). + +H2: other (80) + +Indicates the server has encountered an internal error. |