LDAP Error Codes

LDAP Error Codes


AcceptSecurityContext error, data 52e means "bad password"
AcceptSecurityContext error, data 525 means "bad user name"
AcceptSecurityContext error, data 773 means "password expiring" or similar. 


Standard error codes

Standard LDAP errors
Error / data code
Text
Description
0
LDAP_SUCCESS
Indicates the requested client operation completed successfully.
2
LDAP_PROTOCOL_ERROR
Indicates that the server has received an invalid or malformed request from the client.
3
LDAP_TIMELIMIT_EXCEEDED
Indicates that the operation's time limit specified by either the client or the server has been exceeded. On search operations, incomplete results are returned.
4
LDAP_SIZELIMIT_EXCEEDED
Indicates that in a search operation, the size limit specified by the client or the server has been exceeded. Incomplete results are returned.
5
LDAP_COMPARE_FALSE
Does not indicate an error condition. Indicates that the results of a compare operation are false.
6
LDAP_COMPARE_TRUE
Does not indicate an error condition. Indicates that the results of a compare operation are true.
7
LDAP_AUTH_METHOD_NOT_SUPPORTED
Indicates that during a bind operation the client requested an authentication method not supported by the LDAP server.
8
LDAP_STRONG_AUTH_REQUIRED
Indicates one of the following: In bind requests, the LDAP server accepts only strong authentication. In a client request, the client requested an operation such as delete that requires strong authentication. In an unsolicited notice of disconnection, the LDAP server discovers the security protecting the communication between the client and server has unexpectedly failed or been compromised.
9

Reserved.
10
LDAP_REFERRAL
Does not indicate an error condition. In LDAPv3, indicates that the server does not hold the target entry of the request, but that the servers in the referral field may.
11
LDAP_ADMINLIMIT_EXCEEDED
Indicates that an LDAP server limit set by an administrative authority has been exceeded.
12
LDAP_UNAVAILABLE_CRITICAL_EXTENSION
Indicates that the LDAP server was unable to satisfy a request because one or more critical extensions were not available. Either the server does not support the control or the control is not appropriate for the operation type.
13
LDAP_CONFIDENTIALITY_REQUIRED
Indicates that the session is not protected by a protocol such as Transport Layer Security (TLS), which provides session confidentiality.
14
LDAP_SASL_BIND_IN_PROGRESS
Does not indicate an error condition, but indicates that the server is ready for the next step in the process. The client must send the server the same SASL mechanism to continue the process.
15

Not used.
16
LDAP_NO_SUCH_ATTRIBUTE
Indicates that the attribute specified in the modify or compare operation does not exist in the entry.
17
LDAP_UNDEFINED_TYPE
Indicates that the attribute specified in the modify or add operation does not exist in the LDAP server's schema.
18
LDAP_INAPPROPRIATE_MATCHING
Indicates that the matching rule specified in the search filter does not match a rule defined for the attribute's syntax.
19
LDAP_CONSTRAINT_VIOLATION
Indicates that the attribute value specified in a modify, add, or modify DN operation violates constraints placed on the attribute. The constraint can be one of size or content (string only, no binary).
20
LDAP_TYPE_OR_VALUE_EXISTS
Indicates that the attribute value specified in a modify or add operation already exists as a value for that attribute.
21
LDAP_INVALID_SYNTAX
Indicates that the attribute value specified in an add, compare, or modify operation is an unrecognized or invalid syntax for the attribute.
22-31

Not used.
32
LDAP_NO_SUCH_OBJECT
Indicates the target object cannot be found. This code is not returned on following operations: Search operations that find the search base but cannot find any entries that match the search filter. Bind operations.
33
LDAP_ALIAS_PROBLEM
Indicates that an error occurred when an alias was dereferenced.
34
LDAP_INVALID_DN_SYNTAX
Indicates that the syntax of the DN is incorrect. (If the DN syntax is correct, but the LDAP server's structure rules do not permit the operation, the server returns code 53: LDAP_UNWILLING_TO_PERFORM.)
35
LDAP_IS_LEAF
Indicates that the specified operation cannot be performed on a leaf entry. (This code is not currently in the LDAP specifications, but is reserved for this constant.)
36
LDAP_ALIAS_DEREF_PROBLEM
Indicates that during a search operation, either the client does not have access rights to read the aliased object's name or dereferencing is not allowed.
37-47

Not used.
48
LDAP_INAPPROPRIATE_AUTH
Indicates that during a bind operation, the client is attempting to use an authentication method that the client cannot use correctly. For example, either of the following cause this error: The client returns simple credentials when strong credentials are required...OR...The client returns a DN and a password for a simple bind when the entry does not have a password defined.
49
LDAP_INVALID_CREDENTIALS
Indicates that during a bind operation one of the following occurred: The client passed either an incorrect DN or password, or the password is incorrect because it has expired, intruder detection has locked the account, or another similar reason. See the data code for more information.
49 / 52e
AD_INVALID CREDENTIALS
Indicates an Active Directory (AD) AcceptSecurityContext error, which is returned when the username is valid but the combination of password and user credential is invalid. This is the AD equivalent of LDAP error code 49.
49 / 525
USER NOT FOUND
Indicates an Active Directory (AD) AcceptSecurityContext data error that is returned when the username is invalid.
49 / 530
NOT_PERMITTED_TO_LOGON_AT_THIS_TIME
Indicates an Active Directory (AD) AcceptSecurityContext data error that is
logon
failure caused because the user is not permitted to log on at this time. Returns only when presented with a valid username and valid password credential.
49 / 531
RESTRICTED_TO_SPECIFIC_MACHINES
Indicates an Active Directory (AD) AcceptSecurityContext data error that is
logon
failure caused because the user is not permitted to log on from this computer. Returns only when presented with a valid username and valid password credential.
49 / 532
PASSWORD_EXPIRED
Indicates an Active Directory (AD) AcceptSecurityContext data error that is a
logon
failure. The specified account password has expired. Returns only when presented with
valid
username and password credential.
49 / 533
ACCOUNT_DISABLED
Indicates an Active Directory (AD) AcceptSecurityContext data error that is a
logon
failure. The account is currently disabled. Returns only when presented with
valid
username and password credential.
49 / 568
ERROR_TOO_MANY_CONTEXT_IDS
Indicates that during a log-on attempt, the user's security context accumulated too many security IDs. This is an issue with the specific LDAP user object/account which should be investigated by the LDAP administrator.
49 / 701
ACCOUNT_EXPIRED
Indicates an Active Directory (AD) AcceptSecurityContext data error that is a
logon
failure. The user's account has expired. Returns only when presented with
valid
username and password credential.
49 / 773
USER MUST RESET PASSWORD
Indicates an Active Directory (AD) AcceptSecurityContext data error. The user's password must be changed before logging on the first time. Returns only when presented with valid user-name and password credential.
50
LDAP_INSUFFICIENT_ACCESS
Indicates that the caller does not have sufficient rights to perform the requested operation.
51
LDAP_BUSY
Indicates that the LDAP server is too busy to process the client request at this time but if the client waits and resubmits the request, the server may be able to process it then.
52
LDAP_UNAVAILABLE
Indicates that the LDAP server cannot process the client's bind request, usually because it is shutting down.
52e
AD_INVALID CREDENTIALS
Indicates an Active Directory (AD) AcceptSecurityContext error, which is returned when the username is valid but the combination of password and user credential is invalid. This is the AD equivalent of LDAP error code 49: LDAP_INVALID_CREDENTIALS.
53
LDAP_UNWILLING_TO_PERFORM
Indicates that the LDAP server cannot process the request because of server-defined restrictions. This error is returned for the following reasons: The add entry request violates the server's structure rules...OR...The modify attribute request specifies attributes that users cannot modify...OR...Password restrictions prevent the action...OR...Connection restrictions prevent the action.
54
LDAP_LOOP_DETECT
Indicates that the client discovered an alias or referral loop, and is thus unable to complete this request.
55-63

Not used.
64
LDAP_NAMING_VIOLATION
Indicates that the add or modify DN operation violates the schema's structure rules. For example, The request places the entry subordinate to an alias. The request places the entry subordinate to a container that is forbidden by the containment rules. The RDN for the entry uses a forbidden attribute type.
65
LDAP_OBJECT_CLASS_VIOLATION
Indicates that the add, modify, or modify DN operation violates the object class rules for the entry. For example, the following types of request return this error: The add or modify operation tries to add an entry without a value for a required attribute. The add or modify operation tries to add an entry with a value for an attribute which the class definition does not contain. The modify operation tries to remove a required attribute without removing the auxiliary class that defines the attribute as required.
66
LDAP_NOT_ALLOWED_ON_NONLEAF
Indicates that the requested operation is permitted only on leaf entries. For example, the following types of requests return this error: The client requests a delete operation on a parent entry. The client request a modify DN operation on a parent entry.
67
LDAP_NOT_ALLOWED_ON_RDN
Indicates that the modify operation attempted to remove an attribute value that forms the entry's relative distinguished name.
68
LDAP_ALREADY_EXISTS
Indicates that the add operation attempted to add an entry that already exists, or that the modify operation attempted to rename an entry to the name of an entry that already exists.
69
LDAP_NO_OBJECT_CLASS_MODS
Indicates that the modify operation attempted to modify the structure rules of an object class.
70
LDAP_RESULTS_TOO_LARGE
Reserved for CLDAP.
71
LDAP_AFFECTS_MULTIPLE_DSAS
Indicates that the modify DN operation moves the entry from one LDAP server to another and requires more than one LDAP server.
72-79

Not used.
80
LDAP_OTHER
Indicates an unknown error condition. This is the default value for NDS error codes which do not map to other LDAP error codes.

Customized error codes

Customized LDAP error codes
Error / data code
Text
10000
LDAP_ERROR_GENEREL
10001
LDAP_ERROR_MAL_FORMED_URL
10002
LDAP_ERROR_UNAUTHENTICATED_BIND
10300
LDAP_ERROR_COMMUNICATION_EXCEPTION
10301
LDAP_ERROR_SOCKET_TIMEOUT
10302
LDAP_ERROR_CONNECTION_REFUSED
10303
LDAP_ERROR_CONNECTION_RESET
10304
LDAP_ERROR_NO_ROUTE
10305
LDAP_ERROR_UNKNOW_HOST
10400
LDAP_ERROR_SSL_EXCEPTION
10401
LDAP_ERROR_SSL_EMPTY_CERT_STORE
10402
LDAP_ERROR_SSL_CERT_NOT_FOUND
10403
LDAP_ERROR_SSL_CERT_EXPIRED
10500
LDAP_ERROR_INVALID_SEARCH_FILTER_EXCEPTION


    • Related Articles

    • CIFS Error Codes

      Question: What do the CIFS / SMB error codes mean ? Solution: For a large table of NT codes, see https://customer.lenovosoftware.com/support/techdocs/v6/cifs-nt-codes.txt    jcifs code        nt code 1 0x00000000 0x00000000 NT_STATUS_OK 0 0xc0000001 ...
    • List of Active Directory Error Codes

      The error codes for Active Directory can be found at this Microsoft URL. http://msdn.microsoft.com/en-us/library/ms681381%28VS.85%29.aspx
    • MS AD LDAP bind errors.

      LDAP error code 49 is the generic code for authentication error.  https://helpdesk.lenovosoftware.com/portal/kb/articles/ldap-error-codes-22-8-2017 has the list of java ldap top level error codes.  To fully understand the error you need the rest of ...
    • Common Microsoft AD LDAP bind errors.

      LDAP error code 49 is the generic code for authentication error. https://helpdesk.lenovosoftware.com/portal/kb/articles/ldap-error-codes-22-8-2017 has the list of java ldap top level error codes. To fully understand the error you need the rest of the ...
    • AuthenticationException LDAP: error code 49 - 80090308

      Customer is getting the following error when webnetwork starts : javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece ]   The customer had changed admin ...
    • Popular Articles

    • Old Browser Versions

      Question: I am using an older browser version and am having problems. What can be done ? We are not able to upgrade the browser at this time.   This is a challenge for any company that makes software that utilizes a browser. Since Stoneware does not ...
    • LCS Redirection

      Problem: How to redirect the LCS in an environment with multiple LCSs and students connecting to them. Solution(s): Create an allow.cfg on all LCS(s) (including the Master) in the network, however, even if no allow.cfg is present on an LCS, machines ...
    • Time windows allows for Service Shutdown

      Issue: Can the time windows gives a service to shut down before it kills the service be increased? Solution: Yes, the following information comes from the Microsoft URL : http://support.microsoft.com/kb/146092 To specify the wait time, do the ...
    • How to disable password saving - Internet Explorer

      Having multiple methods for saving a password in the browser can cause confusion for the user.   To disable password saving in Internet Explorer, launch Internet Explorer and perform the following steps. Click the blue Settings menu icon in the upper ...
    • How to disable password saving - Chrome

      Having multiple methods for saving a password in the browser can cause confusion for the user.  To disable password saving in Chrome, launch Chrome and perform the following steps. Click the Chrome menu button in the upper right corner of the Chrome ...
    • Recent Articles

    • Lenovo Unified Workspace 7.0.0.63 Released

      Highlights of Unified Workspace 7.0.0.63 If you need assistance with your update, please e-mail support at support@lenovosoftware.com or visit https://unifiedworkspace.com/support/ for more information. Below is a list of enhancements and fixes for ...
    • How to fix customized login and profile after upgrading to v7.0

      With the release of 7.0 the default login page has been modified to simplify the customization process.  If you are having an issue with the login page not displaying, after upgrading to v7.0, you will need to delete the custom CSS code and start ...
    • SAML SP - Sync Directory Password

      Login script to prompt for directory password Since the user does not login into Unified Workspace with a password, we cannot capture the password to use in the @@password@@ variable.  If you would like to use the Active Directory password for other ...
    • MySQL 8 SSL

      Issue Admin is making a database connection to a MySQL 8 database.  When clicking the Ping button on the DB Connection object, the following error is presented: WARN: Establishing SSL connection without server's identity verification is not ...
    • 7.0 excludeProtocols - includeProtocols - allowCiphers - denyCiphers config file

      excludeProtocols - includeProtocols - allowCiphers - denyCiphers config file The following configuration is recommended for systems running 7.0.0.63, and higher. (For older 6.5 releases of UW, please see this article.) ...