ldap

LDAP Result Codes

Result codes returned in LDAP protocol responses. Defined in RFC 4511 and extended by later RFCs and vendor implementations.

39 codes

references rfc-editor.org/rfc/rfc4511

· All codes 39 codes

0 success The operation completed successfully. No error occurred.
1 operationsError The server encountered an internal error that prevented it from completing the operation. This is a general-purpose server-side error not covered by a more specific code.
2 protocolError The server received data that is not well-formed or that violates the LDAP protocol specification. This includes malformed PDUs and unsupported protocol versions.
3 timeLimitExceeded The time limit specified in the request was exceeded before the operation could complete. The server may return partial results before returning this code.
4 sizeLimitExceeded The size limit specified in the request was exceeded before the operation could complete. The server returns the entries found up to the limit along with this result code.
5 compareFalse The Compare operation completed successfully but the asserted value did not match the attribute value in the entry. This is a normal result, not an error.
6 compareTrue The Compare operation completed successfully and the asserted value matched the attribute value in the entry. This is a normal result, not an error.
7 authMethodNotSupported The authentication method requested by the client is not supported by the server. The client should retry with a different SASL mechanism or simple bind.
8 strongerAuthRequired The server requires stronger authentication than was provided to perform the requested operation. The client must bind using a stronger authentication method.
10 referral The server is not holding the target entry but can provide one or more referrals to other servers that may. The referral URIs are included in the response.
11 adminLimitExceeded An administrative limit in the server (such as the maximum number of search results or the maximum processing time) was exceeded. This limit is server-imposed, not client-requested.
12 unavailableCriticalExtension A control or extension marked as critical in the request is not supported or is unavailable. The server cannot process the request without honouring the critical extension.
13 confidentialityRequired The session is not protected by a confidential channel (such as TLS) and the server requires one to perform the requested operation.
14 saslBindInProgress A SASL bind exchange requires additional steps. The server is returning a challenge to the client, which must respond with another BindRequest to continue the exchange.
16 noSuchAttribute The named attribute does not exist in the entry. Returned by Modify and Compare operations when the specified attribute is absent.
17 undefinedAttributeType The attribute type specified in the request is not defined in the server's schema. The server cannot process an operation referencing an unknown attribute type.
18 inappropriateMatching The matching rule specified in the request is not applicable to the attribute type. For example, using a numeric ordering rule on a string attribute.
19 constraintViolation The requested operation would violate a constraint defined in the schema or server configuration, such as a value exceeding a maximum length or violating a uniqueness constraint.
20 attributeOrValueExists The requested operation would add an attribute or value that already exists in the entry. LDAP attributes may not contain duplicate values.
21 invalidAttributeSyntax The value provided for an attribute does not conform to the attribute's defined syntax. For example, providing a non-integer value for an INTEGER attribute.
32 noSuchObject The target entry specified in the request does not exist in the directory. The server is authoritative for the naming context but the entry is absent.
33 aliasProblem An alias encountered during name resolution was found to be invalid, such as referencing a non-existent entry or creating a circular chain.
34 invalidDNSyntax The distinguished name (DN) provided in the request is syntactically invalid. The DN must conform to the syntax defined in RFC 4514.
36 aliasDereferencingProblem An error occurred while dereferencing an alias during name resolution. The alias points to an entry that cannot be accessed or that the client lacks permission to read.
48 inappropriateAuthentication The client attempted to perform an operation that requires authentication but bound anonymously, or the bind request contained credentials inappropriate for the authentication type requested.
49 invalidCredentials The credentials provided in the Bind request are incorrect. This is typically returned when a wrong password is supplied.
50 insufficientAccessRights The client does not have sufficient access rights to perform the requested operation on the target entry. Access control policy on the server prevents the operation.
51 busy The server is too busy to process the request at this time. The client may retry the operation after a delay.
52 unavailable The server is currently unavailable, for example because it is shutting down or entering a maintenance state. The client should retry later.
53 unwillingToPerform The server is unwilling to perform the requested operation. This is a policy-based refusal distinct from access control; examples include refusing to delete a non-leaf entry or modify a read-only attribute.
54 loopDetect A loop was detected in the chain of referrals or alias dereferences while processing the request. The server aborts to prevent infinite recursion.
64 namingViolation The entry's distinguished name violates the naming rules defined in the schema, such as using an attribute type not permitted as a naming attribute for the object class.
65 objectClassViolation The entry's attributes do not satisfy the requirements of its object classes, such as missing a required attribute or including an attribute not permitted by any of the entry's object classes.
66 notAllowedOnNonLeaf The requested operation is not permitted on a non-leaf entry. For example, deleting an entry that still has child entries is not allowed.
67 notAllowedOnRDN The requested Modify operation would remove or alter an attribute value that forms part of the entry's relative distinguished name (RDN), which is not permitted.
68 entryAlreadyExists The Add or ModifyDN operation failed because an entry with the specified DN already exists in the directory.
69 objectClassModsProhibited The requested modification to the objectClass attribute is not permitted. Servers may disallow certain changes to object class membership, such as removing a structural object class.
71 affectsMultipleDSAs The operation affects entries in multiple Directory System Agents (DSAs) and the server does not support distributed operations of this kind. Returned by ModifyDN when the new superior is in a different server.
80 other An unknown or unclassified error occurred. This is a catch-all result code for errors that do not fit any other defined category.