Table of Contents | Previous
| Next
| Index
Netscape Directory SDK 3.0 for C Programmer’s Guide
This chapter lists the LDAP result codes returned by functions in the LDAP API.
These result codes represent results that are specified in the LDAP protocol:
The following lists the result codes by number for convenience:
This result code indicates that the "look through limit" on a search operation has been exceeded.
When working with the Netscape Directory Server, keep in mind the following:
The "look through limit" is the maximum number of entries that the server will check when gathering a list of potential search result candidates. See the Netscape Directory Server Administrator's Guide for details.
This result code indicates that the requested operation needs to be performed on multiple servers, where this operation is not permitted.
Currently, the Netscape Directory Server does not send this result code back to LDAP clients.
This result code indicates that a problem occurred when dereferencing an alias.
Currently, the Netscape Directory Server does not send this result code back to LDAP clients.
This result code indicates that a problem occurred when dereferencing an alias.
Currently, the Netscape Directory Server does not send this result code back to LDAP clients.
This result code indicates that the request is attempting to add an entry that already exists in the directory.
The Netscape Directory Server sends this result code back to the client in the following situations:
This result code indicates that an unknown authentication method was specified.
The LDAP API library sets this result code if ldap_bind() or ldap_bind_s() are called and an authentication method other than LDAP_AUTH_SIMPLE is specified. (These functions only allow you to use simple authentication.)
This result code indicates that the server is currently too busy to perform the requested operation.
At this point in time, neither the LDAP API library nor the Netscape Directory Server return this result code.
This result code indicates that the LDAP client (API library) detected a loop, for example, when following referrals.
This result code is returned after an LDAP compare operation is completed. The result indicates that the specified attribute value is not present in the specified entry.
This result code is returned after an LDAP compare operation is completed. The result indicates that the specified attribute value is present in the specified entry.
This result code indicates that confidentiality is required for the operation.
Currently, the Netscape Directory Server does not send this result code back to LDAP clients.
This result code indicates that the LDAP client cannot establish a connection (or has lost the connection) with the LDAP server.
The LDAP API library sets this result code. If you have not established an initial connection with the server, verify that you have specified the correct hostname and port number and that the server is running.
If you have lost the connection to the server, see "Handling Failover" for instructions on reconnecting to the server.
This result code indicates that a value in the request does not comply with certain constraints.
The Netscape Directory Server sends this result code back to the client in the following situations:
This result code indicates that a requested LDAP control was not found.
The LDAP API library sets this result code when parsing a server response for controls and not finding the requested controls. For example:
For more information on controls, see "Working with LDAP Controls."
This result code indicates that the LDAP client encountered an error when decoding the LDAP response received from the server.
This result code indicates that the LDAP client encountered an error when encoding the LDAP request to be sent to the server.
This result code indicates that an error occurred when specifying the search filter.
The LDAP API library sets this result code if it cannot encode the specified search filter in an LDAP search request.
This result code indicates that the type of credentials are not appropriate for the method of authentication used.
The Netscape Directory Server sends this result code back to the client if simple authentication is used in a bind request, but the entry has no userpassword attribute. And if SASL EXTERNAL is attempted on a non-SSL connection.(*
This result code indicates that an extensible match filter in a search request contained a matching rule that does not apply to the specified attribute type.
Currently, the Netscape Directory Server does not send this result code back to LDAP clients.
This result code indicates that the search results exceeded the range specified by the requested offsets.
This result code applies to search requests that contain "virtual list view" controls. For more information on this control, see "Using the Virtual List View Control."
Note that versions of the Netscape Directory Server prior to 4.0 do not support the "virtual list view" control.
This result code indicates that the client has insufficient access to perform the operation.
Check the user that you are authenticating as and the access control lists for the server. For information on checking ACLs on the server, see the Netscape Directory Server Administrator's Guide.
This result code indicates that the credentials provided in the request are invalid.
The Netscape Directory Server sends this result code back to the client if a bind request contains the incorrect credentials for a user or if a user's password has already expired.
This result code indicates than an invalid DN has been specified.
The Netscape Directory Server sends this result code back to the client if an add request or a modify DN request specifies an invalid DN. It also sends this code when an SASL_EXTERNAL bind is attempted but certification to DN mapping fails.
This result code indicates that the request contains invalid syntax.
The Netscape Directory Server sends this result code back to the client in the following situations:
This result code indicates that the specified entry is a leaf entry.
Currently, the Netscape Directory Server does not send this result code back to LDAP clients.
This result code indicates that an error occurred in the LDAP client.
This result code indicates that the server was unable to perform the requested operation because of an internal loop.
Currently, the Netscape Directory Server does not send this result code back to LDAP clients.
This result code indicates that there are more results in the chain of results.
The LDAP API library sets this result code when the ldap_parse_result() function is called to retrieve the result code of an operation, and additional result codes from the server are available in the LDAP structure.
This result code indicates that the request violates the structure of the DIT.
Currently, the Netscape Directory Server does not send this result code back to LDAP clients.
This result code indicates that no memory is available.
The LDAP API library sets this result code if a function cannot allocate memory (for example, when creating an LDAP request or an LDAP control).
This result code indicates that the request is attempting to modify the object class that should not be modified (for example, a structural object class).
Currently, the Netscape Directory Server does not send this result code back to LDAP clients.
This result code indicates that no results were returned from the server.
The LDAP API library sets this result code when the ldap_parse_result() function is called but no result code is included in the server's response.
This result code indicates that the specified attribute does not exist in the entry.
The Netscape Directory Server might send this result code back to the client if, for example, a modify request specifies the modification or removal of a non-existent attribute or if a compare request specifies a non-existent attribute.
This result code indicates that the server cannot find an entry specified in the request.
The Netscape Directory Server sends this result code back to the client if it cannot find a requested entry and if it cannot refer your client to another LDAP server.
This result code indicates that the requested operation is allowed only on entries that do not have child entries (entries that are "leaf" entries, as opposed to "branch" entries).
The Netscape Directory Server sends this result code back to the client if the request is a delete request or a modify DN request and the entry is a parent entry. (You cannot delete or move a branch of entries in a single operation.)
This result code indicates that the requested operation will affect the RDN of the entry.
The Netscape Directory Server sends this result code back to the client if the request is a modify request and the request deletes attribute values from the entry that are used in the RDN of the entry. (For example, if the DN is "uid=bjensen,ou=People,o=Airius.com", the request removes the attribute value "uid=bjensen" from the entry.)
This result code indicates that the LDAP client is attempting to use functionality that is not supported.
The LDAP API library sets this result code if the client identifies itself as an LDAP v2 client, and the client is attempting to use functionality available in LDAP v3. For example:
If you want to use these features, make sure to specify that your LDAP client is an LDAP v3 client. For instructions, see "Specifying the LDAP Version of Your Client."
This result code indicates that the request specifies a change to an entry or a new entry that does not comply with the server's schema.
The Netscape Directory Server sends this result code back to the client in the following situations:
Check the server error logs for more information, and check the schema for the type of entry that you are adding or modifying. For more information on the server's schema, see the Netscape Directory Server Administrator's Guide.
This is a general result code indicating that an error has occurred.
The Netscape Directory Server might send this code if, for example, memory cannot be allocated on the server.
To troubleshoot this type of error, check the server's error logs. You may need to increase the log level of the server to get additional information. (See the Netscape Directory Server Administrator's Guide for information on setting the log level of the server.)
This result code indicates than an unknown error has occurred.
At this point in time, neither the LDAP API library nor the Netscape Directory Server return this result code.
This result code indicates that an invalid parameter was specified.
The LDAP API library sets this result code if a function was called and invalid parameters were specified (for example, if the LDAP structure is NULL).
The Netscape Directory Server sends this result code to LDAP v2 clients to refer them to another LDAP server. When sending this code to a client, the server includes a newline-delimited list of LDAP URLs that identify another LDAP server.
If the client identifies itself as an LDAP v3 client in the request, the Netscape Directory Server sends an LDAP_REFERRAL result code instead of this result code.
This result code indicates that the LDAP client's request does not comply with the LDAP protocol.
The Netscape Directory Server sends this result code back to the client in the following situations:
-
The server cannot parse the incoming request.
-
The request specifies an attribute type that uses a syntax not supported by the server.
-
The request is a SASL bind request, but your client identifies itself as an LDAP v2 client.
Make sure to specify that your LDAP client is an LDAP v3 client. For instructions, see "Specifying the LDAP Version of Your Client."-
The request is a bind request that specifies an unsupported version of the LDAP protocol.
Make sure to specify that your LDAP client is either an LDAP v2 client or an LDAP v3 client. For instructions, see "Specifying the LDAP Version of Your Client."-
The request is an add or a modify request that specifies the addition of an attribute type to an entry, but no values are specified.
-
The request is a modify request, and one of the following is true:
-
The request is a modify DN request, and one of the following is true:
Note that the Netscape Directory Server 3.x and 4.0 do not support the ability to move an entry from under one DN to another DN. If you specify a new superior DN, the request will not be processed. -
The request is a search request, and one of the following is true:
-
The request is a search request with a server-side sorting control, and one of the following is true:
-
The request is an extended operation request, and the server does not support that extended operation.
In the Netscape Directory Server, extended operations are supported through extended operation server plug-ins. Make sure that the server is loading a plug-in that supports the extended operation. Check the OID of the extended operation in your LDAP client to make sure that it matches the OID of the extended operation registered in the server plug-in.
For more information on extended operation server plug-ins, see the Netscape Directory Server Plug-In Programmer's Guide. -
An authentication method other than
LDAP_AUTH_SIMPLE or LDAP_AUTH_SASL is specified.
To troubleshoot this type of error, check the server's error logs. You may need to increase the log level of the server to get additional information. (See the Netscape Directory Server Administrator's Guide for information on setting the log level of the server.)
This result code indicates that the server is referring the client to another LDAP server. When sending this code to a client, the server includes a list of LDAP URLs that identify another LDAP server.
This result code is part of the LDAP v3 protocol. For LDAP v2 clients, the Netscape Directory Server sends an LDAP_PARTIAL_RESULTS result code instead.
This result code indicates that the "referral hop limit" was exceeded.
The LDAP API library sets this result code when following referrals, if the client is referred to other servers more times than allowed by the "referral hop limit". For more information about the "referral hop limit", see "Limiting Referral Hops."
This result code indicates that the results of the request are too large.
Currently, the Netscape Directory Server does not send this result code back to LDAP clients.
This result code is used in multi-stage SASL bind operations. The server sends this result code back to the client to indicate that the authentication process has not yet completed.
For more information on SASL authentication, see Chapter 13, "Using SASL Authentication".
This result code indicates that the LDAP API library cannot establish a connection (or lost the connection) with the LDAP server.
The LDAP API library sets this result code. If you have not established an initial connection with the server, verify that you have specified the correct hostname and port number and that the server is running.
If you have lost the connection to the server, see "Handling Failover" for instructions on reconnecting to the server.
This result code indicates that the maximum number of search results to return has been exceeded.
The size limit is specified in the search request. If you specify no size limit, the server will set the time limit.
When working with the Netscape Directory Server, keep in mind the following:
This result code indicates that server did not receive a required server-side sorting control.
The Netscape Directory Server 4.0 sends this result code back to the client if the server receives a search request with a "virtual list view" control but no server-side sorting control.
The "virtual list view" control requires a server-side sorting control. For more information on this control, see "Using the Virtual List View Control."
Note that versions of the Netscape Directory Server prior to 4.0 do not support the "virtual list view" control.
This result code is returned as the result of a bind operation. This code indicates that the server does not recognize or support the specified authentication method.
This result code indicates that a stronger method of authentication is required to perform the operation.
Currently, the Netscape Directory Server does not send this result code back to LDAP clients.
This result code indicates that the LDAP operation was successful.
This result code indicates that the time limit on a search operation has been exceeded.
The time limit is specified in the search request. If you specify no time limit, the server will set the time limit.
When working with the Netscape Directory Server, keep in mind the following:
This result code indicates that the LDAP client timed out while waiting for a response from the server.
The LDAP API library sets this result code in the LDAP structure if the timeout period (for example, in a search request) has been exceeded and the server has not responded.
This result code indicates that the request attempted to add an attribute type or value that already exists.
The Netscape Directory Server sends this result code back to the client in the following situations:
This result code indicates that the server is unavailable to perform the requested operation.
At this point in time, neither the LDAP API library nor the Netscape Directory Server return this result code.
This result code indicates that the specified control or matching rule is not supported by the server.
The Netscape Directory Server might send back this result code if the request includes an unsupported control or if the filter in the search request specifies an unsupported matching rule.
This result code indicates that the request specifies an undefined attribute type.
Currently, the Netscape Directory Server does not send this result code back to LDAP clients.
This result code indicates that the server is unwilling to perform to requested operation.
The Netscape Directory Server sends this result code back to the client in the following situations:
-
The client has logged in for the first time and needs to change its password, but the client is requesting to perform other LDAP operations.
In this situation, the result code is accompanied by an expired password control. For details, see "Using Password Policy Controls."-
The NT Synch Service is running, and an operation is "vetoed" by the service.
-
The request is a modify DN request, and a "superior DN" is specified. (At this point in time, the Netscape Directory Server does not support the ability to use the modify DN operation to move an entry from one location in the directory tree to another location.)
-
The database is in read-only mode, and the request attempts to write to the directory.
-
The request is a delete request that attempts to delete the root DSE.
-
The request is a modify DN request that attempts to modify the DN of the root DSE.
-
The request is a modify request to modify the schema entry, and one of the following occurs:
-
The server uses a database plug-in that does not implement the operation specified in the request. For example, if the database plug-in does not implement the add operation, sending an add request will return this result code.
This result code indicates that the user cancelled the LDAP operation.
Currently, the Netscape Directory Server does not send this result code back to LDAP clients.
Table of Contents | Previous
| Next
| Index
Last Updated: 10/01/98 17:08:51