Finish port of rfc4511 into appendix for error codes. Just need to give examples as to why a user would hit a certain error in relation to a slap*/ldap* tool

2025-12-31 03:59:34 -05:00 · 2007-10-24 15:43:19 +00:00 · 2007-10-24 15:43:19 +00:00 · 802a00a016
commit 802a00a016
parent a6a584eaa8
2 changed files with 293 additions and 5 deletions
--- a/doc/guide/admin/appendix-ldap-result-codes.sdf
+++ b/doc/guide/admin/appendix-ldap-result-codes.sdf
@ -4,6 +4,262 @@

 H1:  LDAP Result Codes

-Port "Appendix A.  LDAP Result Codes" from rfc4511 and add a small explanation
-in addition to current one for ldap*/slap* tools, with the aim of fending off simple, recurring 
-questions on the lists.
+For the purposes of this guide, we have incorporated the standard LDAP result 
+codes from {{Appendix A.  LDAP Result Codes}} of rfc4511. A copy of which can 
+be found in {{F:doc/rfc}} of the OpenLDAP source code.
+
+We have expanded the description of each error in relation to the OpenLDAP 
+toolsets.
+
+H2:  Non-Error Result Codes
+
+These result codes (called "non-error" result codes) do not indicate
+an error condition:
+
+>        success (0),
+>        compareFalse (5),
+>        compareTrue (6),
+>        referral (10), and
+>        saslBindInProgress (14).
+
+The {{success}}, {{compareTrue}}, and {{compareFalse}} result codes indicate
+successful completion (and, hence, are referred to as "successful"
+result codes).
+
+The {{referral}} and {{saslBindInProgress}} result codes indicate the client
+needs to take additional action to complete the operation.
+
+H2:  Result Codes
+
+Existing LDAP result codes are described as follows:
+
+H2: {{success (0)}}
+
+Indicates the successful completion of an operation.  
+
+Note: this code is not used with the Compare operation.  See {{SECT:compareFalse (5)}} 
+and {{SECT:compareTrue (6)}}.
+
+H2: {{operationsError (1)}}
+
+Indicates that the operation is not properly sequenced with
+relation to other operations (of same or different type).
+
+For example, this code is returned if the client attempts to
+StartTLS [RFC4346] while there are other uncompleted operations
+or if a TLS layer was already installed.
+
+H2: {{protocolError (2)}}
+
+Indicates the server received data that is not well-formed.
+
+For Bind operation only, this code is also used to indicate
+that the server does not support the requested protocol
+version.
+
+For Extended operations only, this code is also used to
+indicate that the server does not support (by design or
+configuration) the Extended operation associated with the
+{{requestName}}.
+
+For request operations specifying multiple controls, this may
+be used to indicate that the server cannot ignore the order
+of the controls as specified, or that the combination of the
+specified controls is invalid or unspecified.
+
+H2: {{timeLimitExceeded (3)}}
+
+Indicates that the time limit specified by the client was
+exceeded before the operation could be completed.
+
+H2: {{sizeLimitExceeded (4)}}
+
+Indicates that the size limit specified by the client was
+exceeded before the operation could be completed.
+
+H2: {{compareFalse (5)}}
+
+Indicates that the Compare operation has successfully
+completed and the assertion has evaluated to FALSE or
+Undefined.
+
+H2: {{compareTrue (6)}}
+
+Indicates that the Compare operation has successfully
+completed and the assertion has evaluated to TRUE.
+
+H2: {{authMethodNotSupported (7)}}
+
+Indicates that the authentication method or mechanism is not
+supported.
+
+H2: {{strongerAuthRequired (8)}}
+
+Indicates the server requires strong(er) authentication in
+order to complete the operation.
+
+When used with the Notice of Disconnection operation, this
+code indicates that the server has detected that an
+established security association between the client and
+server has unexpectedly failed or been compromised.
+
+H2: {{referral (10)}}
+
+Indicates that a referral needs to be chased to complete the
+operation (see Section 4.1.10).
+
+H2: {{adminLimitExceeded (11)}}
+
+Indicates that an administrative limit has been exceeded.
+
+H2: {{unavailableCriticalExtension (12)}}
+
+Indicates a critical control is unrecognized (see Section
+4.1.11).
+
+H2: {{confidentialityRequired (13)}}
+
+Indicates that data confidentiality protections are required.
+
+H2: {{saslBindInProgress (14)}}
+
+Indicates the server requires the client to send a new bind
+request, with the same SASL mechanism, to continue the
+authentication process (see Section 4.2).
+
+H2: {{noSuchAttribute (16)}}
+
+Indicates that the named entry does not contain the specified
+attribute or attribute value.
+
+H2: {{undefinedAttributeType (17)}}
+
+Indicates that a request field contains an unrecognized
+attribute description.
+
+H2: {{inappropriateMatching (18)}}
+
+Indicates that an attempt was made (e.g., in an assertion) to
+use a matching rule not defined for the attribute type
+concerned.
+
+H2: {{constraintViolation (19)}}
+
+Indicates that the client supplied an attribute value that
+does not conform to the constraints placed upon it by the
+data model.
+
+For example, this code is returned when multiple values are
+supplied to an attribute that has a SINGLE-VALUE constraint.
+
+H2: {{attributeOrValueExists (20)}}
+
+Indicates that the client supplied an attribute or value to
+be added to an entry, but the attribute or value already
+exists.
+
+H2: {{invalidAttributeSyntax (21)}}
+
+Indicates that a purported attribute value does not conform
+to the syntax of the attribute.
+
+H2: {{noSuchObject (32)}}
+
+Indicates that the object does not exist in the DIT.
+
+H2: {{aliasProblem (33)}}
+
+Indicates that an alias problem has occurred.  For example,
+the code may used to indicate an alias has been dereferenced
+that names no object.
+
+H2: {{invalidDNSyntax (34)}}
+
+Indicates that an LDAPDN or RelativeLDAPDN field (e.g., search
+base, target entry, ModifyDN newrdn, etc.) of a request does
+not conform to the required syntax or contains attribute
+values that do not conform to the syntax of the attribute's
+type.
+
+H2: {{aliasDereferencingProblem (36)}}
+
+Indicates that a problem occurred while dereferencing an
+alias.  Typically, an alias was encountered in a situation
+where it was not allowed or where access was denied.
+
+H2: {{inappropriateAuthentication (48)}}
+
+Indicates the server requires the client that had attempted
+to bind anonymously or without supplying credentials to
+provide some form of credentials.
+
+H2: {{invalidCredentials (49)}}
+
+Indicates that the provided credentials (e.g., the user's name
+and password) are invalid.
+
+H2: {{insufficientAccessRights (50)}}
+
+Indicates that the client does not have sufficient access
+rights to perform the operation.
+
+H2: {{busy (51)}}
+
+Indicates that the server is too busy to service the
+operation.
+
+H2: {{unavailable (52)}}
+
+Indicates that the server is shutting down or a subsystem
+necessary to complete the operation is offline.
+
+H2: {{unwillingToPerform (53)}}
+
+Indicates that the server is unwilling to perform the
+operation.
+
+H2: {{loopDetect (54)}}
+
+Indicates that the server has detected an internal loop (e.g.,
+while dereferencing aliases or chaining an operation).
+
+H2: {{namingViolation (64)}}
+
+Indicates that the entry's name violates naming restrictions.
+
+H2: {{objectClassViolation (65)}}
+
+Indicates that the entry violates object class restrictions.
+
+H2: {{notAllowedOnNonLeaf (66)}}
+
+Indicates that the operation is inappropriately acting upon a
+non-leaf entry.
+
+H2: {{notAllowedOnRDN (67)}}
+
+Indicates that the operation is inappropriately attempting to
+remove a value that forms the entry's relative distinguished
+name.
+
+H2: {{entryAlreadyExists (68)}}
+
+Indicates that the request cannot be fulfilled (added, moved,
+or renamed) as the target entry already exists.
+
+H2: {{objectClassModsProhibited (69)}}
+
+Indicates that an attempt to modify the object class(es) of
+an entry's 'objectClass' attribute is prohibited.
+
+For example, this code is returned when a client attempts to
+modify the structural object class of an entry.
+
+H2: {{affectsMultipleDSAs (71)}}
+
+Indicates that the operation cannot be performed as it would
+affect multiple servers (DSAs).
+
+H2: {{other (80)}}
+
+Indicates the server has encountered an internal error.
--- a/doc/guide/admin/aspell.en.pws
+++ b/doc/guide/admin/aspell.en.pws
@ -1,4 +1,4 @@
-personal_ws-1.1 en 1451 
+personal_ws-1.1 en 1483 
 nattrsets
 inappropriateAuthentication
 api
@ -145,11 +145,14 @@ mkversion
 objectClasses
 objectclasses
 searchResultReference
+adminLimitExceeded
 fmt
 qdescrs
 olcSuffix
+objectClassModsProhibited
 supportedControl
 GHz
+unavailableCriticalExtension
 libpath
 INADDR
 compareDN
@ -157,6 +160,7 @@ sizelimit
 unixODBC
 APIs
 blen
+notAllowedOnNonLeaf
 attrsOnly
 attrsonly
 slappasswd
@ -168,6 +172,7 @@ syncIdSet
 olcTLSCipherSuite
 username
 sizeLimitExceeded
+aliasProblem
 subst
 idl
 chroot
@ -178,6 +183,7 @@ ZKKuqbEKJfKSXhUbHG
 reqRespControls
 TLSCertificateKeyFile
 olcAccess
+aliasDereferencingProblem
 proxyTemplates
 neverDerefaliases
 RootDN
@ -199,8 +205,10 @@ dataflow
 subentries
 attrpair
 balancer
+entryAlreadyExists
 BerkeleyDB's
 singleLevel
+notAllowedOnRDN
 entryDN
 dSAOperation
 includedir
@ -296,6 +304,7 @@ newPasswdFile
 ucdata
 LLL
 confdir
+invalidCredentials
 BerValues
 olcDbLinearIndex
 Elfrink
@ -484,12 +493,14 @@ searchAttrDN
 cctrls
 tcp
 kadmin
+undefinedAttributeType
 strlen
 spellcheck
 ludpp
 typedef
 olcDbIDLcacheSize
 ostring
+toolsets
 mwrscdx
 SMD
 UCD
@ -517,6 +528,7 @@ src
 lastName
 ufn
 cron
+RelativeLDAPDN
 sql
 pwdPolicyChecker
 uid
@ -574,6 +586,7 @@ pwdPolicy
 slapd
 sasl
 slapauth
+affectsMultipleDSAs
 MANCOMPRESS
 octetStringOrderingStringMatch
 updatedn
@ -607,6 +620,7 @@ freemods
 initgroups
 auditCompare
 GDBM
+DSAs
 DSA's
 dsaschema
 compareFalse
@ -651,6 +665,7 @@ de
 reqAuthzID
 backend's
 backends
+requestName
 cn
 lcrypto
 infodir
@ -709,9 +724,11 @@ syslogged
 mk
 ng
 oc
+invalidAttributeSyntax
 errOp
 pwdMaxAge
 truelies
+insufficientAccessRights
 NL
 mr
 reindex
@ -735,6 +752,7 @@ slapover
 RL
 sockname
 MANCOMPRESSSUFFIX
+noSuchAttribute
 makeinfo
 coltags
 ro
@ -764,9 +782,10 @@ xf
 param
 MChAODQ
 caseExactIA
-Vu
 Za
+Vu
 idlecachesize
+objectClassViolation
 ws
 errSleepTime
 INSTALLFLAGS
@ -1049,6 +1068,7 @@ kbyte
 modifiersName
 keytbl
 olcHdbConfig
+constraintViolation
 README
 memcalloc
 inet
@ -1076,6 +1096,7 @@ Locators
 bvalues
 reqResult
 impl
+strongerAuthRequired
 outvalue
 returnCode
 returncode
@ -1085,6 +1106,7 @@ dnssrv
 ciphersuite
 auditlog
 reqControls
+protocolError
 notypes
 myAttributeType
 stringbv
@ -1153,6 +1175,7 @@ http
 uppercased
 Poobah
 libldap
+invalidDNSyntax
 ldap
 ldbm
 ursula
@ -1192,7 +1215,9 @@ bvfree
 sleeptime
 pwdCheckQuality
 msgidp
+confidentialityRequired
 pwdAttribute
+authMethodNotSupported
 chown
 PRNGD
 LDAPRDN
@ -1259,6 +1284,7 @@ databasetype
 woid
 numericStringOrderingMatch
 clientctrls
+inappropriateMatching
 RetCodes
 ldapc
 pwdAccountLockedTime
@ -1297,10 +1323,12 @@ olcObjectIdentifier
 endblock
 proxyAuthz
 pagedResults
+saslBindInProgress
 bitstring
 ACLs
 berptr
 olcModuleLoad
+namingViolation
 attributetype
 attributeType
 auditModRDN
@ -1357,6 +1385,7 @@ bindDn
 bindDN
 binddn
 methodp
+timeLimitExceeded
 timelimitExceeded
 pwdInHistory
 LTSTATIC
@ -1373,6 +1402,7 @@ GnuTLS
 postread
 timeval
 DHAVE
+loopDetect
 caseIgnoreSubstringsMatch
 monitorIsShadow
 syncdata
@ -1397,6 +1427,7 @@ RANDFILE
 attrlist
 aci
 directoryOperation
+compareTrue
 selfwrite
 pwdReset
 acl
@ -1416,6 +1447,7 @@ userid
 Kumar
 AES
 bdb
+attributeOrValueExists
 manageDSAit
 ManageDsaIT
 bindpw