Symas OpenLDAP Knowledge Base

LDAP Result Codes

(0 | 0x00) success

Indicates the successful completion of an operation. Note: this code is not used with the Compare operation. See compareFalse (5) and compareTrue (6).

(1 | 0x01) operationsError

Indicates that the operation is not properly sequenced with relation to other operations (of same or different type).

For example, this code is returned if the client attempts to StartTLS [RFC4346] while there are other uncompleted operations or if a TLS layer was already installed.

(2 | 0x01) protocolError

Indicates the server received data that is not well-formed.

For Bind operation only, this code is also used to indicate that the server does not support the requested protocol version.

For Extended operations only, this code is also used to indicate that the server does not support (by design or configuration) the Extended operation associated with the requestName.

For request operations specifying multiple controls, this may be used to indicate that the server cannot ignore the order of the controls as specified, or that the combination of the specified controls is invalid or unspecified.

(3 | 0x03) timeLimitExceeded

Indicates that the time limit specified by the client was exceeded before the operation could be completed.

(4 | 0x04) sizeLimitExceeded

Indicates that the size limit specified by the client was exceeded before the operation could be completed.

(5 | 0x05) compareFalse

Indicates that the Compare operation has successfully completed and the assertion has evaluated to FALSE or Undefined.

(6 | 0x06) compareTrue

Indicates that the Compare operation has successfully completed and the assertion has evaluated to TRUE.

(7 | 0x07) authMethodNotSupported

Indicates that the authentication method or mechanism is not supported.

(8 | 0x08) strongerAuthRequired

Indicates the server requires strong(er) authentication in order to complete the operation.

When used with the Notice of Disconnection operation, this code indicates that the server has detected that an established security association between the client and server has unexpectedly failed or been compromised.

(10 | 0xA) referral

Indicates that a referral needs to be chased to complete the operation (see Section 4.1.10).

(11 | 0x0B) adminLimitExceeded

Indicates that an administrative limit has been exceeded.

(12 | 0x0C) unavailableCriticalExtension

Indicates a critical control is unrecognized (see Section 4.1.11).

(13 | 0x0D) confidentialityRequired

Indicates that data confidentiality protections are required.

(14 | 0x0E) saslBindInProgress

Indicates the server requires the client to send a new bind request, with the same SASL mechanism, to continue the authentication process (see Section 4.2).

(16 | 0x10) noSuchAttribute

Indicates that the named entry does not contain the specified attribute or attribute value.

(17 | 0x11) undefinedAttributeType

Indicates that a request field contains an unrecognized attribute description.

(18 | 0x12) inappropriateMatching

Indicates that an attempt was made (e.g., in an assertion) to use a matching rule not defined for the attribute type concerned.

(19 | 0x13) constraintViolation

Indicates that the client supplied an attribute value that does not conform to the constraints placed upon it by the data model.

For example, this code is returned when multiple values are supplied to an attribute that has a SINGLE-VALUE constraint.

(20 | 0x14) attributeOrValueExists

Indicates that the client supplied an attribute or value to be added to an entry, but the attribute or value already exists.

(21 | 0x15) invalidAttributeSyntax

Indicates that a purported attribute value does not conform to the syntax of the attribute.

(32 | 0x20) noSuchObject

Indicates that the object does not exist in the DIT.

(33 | 0x21) aliasProblem

Indicates that an alias problem has occurred. For example, the code may used to indicate an alias has been dereferenced that names no object.

(34 | 0x22) invalidDNSyntax

Indicates that an LDAPDN or RelativeLDAPDN field (e.g., search base, target entry, ModifyDN newrdn, etc.) of a request does not conform to the required syntax or contains attribute values that do not conform to the syntax of the attribute’s type.

(36 | 0x24) aliasDereferencingProblem

Indicates that a problem occurred while dereferencing an alias. Typically, an alias was encountered in a situation where it was not allowed or where access was denied.

(48 | 0x30) inappropriateAuthentication

Indicates the server requires the client that had attempted to bind anonymously or without supplying credentials to provide some form of credentials.

(49 | 0x31) invalidCredentials

Indicates that the provided credentials (e.g., the user’s name and password) are invalid.

(50 | 0x32) insufficientAccessRights

Indicates that the client does not have sufficient access rights to perform the operation.

(51 | 0x33) busy

Indicates that the server is too busy to service the operation.

(52 | 0x34) unavailable

Indicates that the server is shutting down or a subsystem necessary to complete the operation is offline.

(53 | 0x35) unwillingToPerform

Indicates that the server is unwilling to perform the operation.

(54 | 0x36) loopDetect

Indicates that the server has detected an internal loop (e.g., while dereferencing aliases or chaining an operation).

(64 | 0x40) namingViolation

Indicates that the entry’s name violates naming restrictions.

(65 | 0x41) objectClassViolation

Indicates that the entry violates object class restrictions.

(66 | 0x42) notAllowedOnNonLeaf

Indicates that the operation is inappropriately acting upon a non-leaf entry.

(67 | 0x43) notAllowedOnRDN

Indicates that the operation is inappropriately attempting to remove a value that forms the entry’s relative distinguished name.

(68 | 0x44) entryAlreadyExists

Indicates that the request cannot be fulfilled (added, moved, or renamed) as the target entry already exists.

(69 | 0x45) objectClassModsProhibited

Indicates that an attempt to modify the object class(es) of an entry’s ‘objectClass’ attribute is prohibited.

For example, this code is returned when a client attempts to modify the structural object class of an entry.

(71 | 0x47) affectsMultipleDSAs

Indicates that the operation cannot be performed as it would affect multiple servers (DSAs).

(80 | 0x50) other

Indicates the server has encountered an internal error.