基于Linux命令行须揣,軟件為OpenLDAP;
- 插入語句:ldapadd -x -h localhost -p 6005 -w password -D cn=linuxUserName -v -f fileName.ldif
- 查詢語句:ldapsearch -x -LLL -h localhost -p 6005 -w password -D cn=linuxUserName -b dc=dcValue "(|(select condition ex.attribte=?))" "attributeList to show(separate witch sapce)"
- 刪除數(shù)據(jù):ldapdelete -x -h localhost -p 6005 -w password -D cn=linuxUserName 'dn的值'
1)ldapadd: Object class violation (65)
失敗原因:插入的屬性(Attribute)屠列,沒有指明對(duì)象(Object Class)。
解決方案:添加objectclass: class名徽千,這樣的屬性行掉冶;
2)ldapadd: Constraint violation (19)
additional info: Another entry with the same attribute value already exist
失敗原因:插入的屬性路幸,某些屬性(主鍵)的值,和其他結(jié)點(diǎn)的屬性重復(fù)了模孩。
解決方案:查找配置管理表(Directory Schema)尖阔,在約束條件(Constraint)中,將唯一(Unique)的值榨咐,進(jìn)行更改介却。
3)ldapadd: Already exists (68)
失敗原因:目錄中(Directory)已經(jīng)存在一樣的數(shù)據(jù)了。
解決方案:無需再次添加
4)ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
失敗原因:沒有指定驗(yàn)證方式(authentication method)块茁;
解決方案:命令行添加-x參數(shù)齿坷;
LDAP常見錯(cuò)誤碼
LDAP_SUCCESS = 0 //成功
LDAP_OPERATIONS_ERROR = 1 //操作錯(cuò)誤
LDAP_PROTOCOL_ERROR = 2 //協(xié)議錯(cuò)誤
LDAP_TIME_LIMIT_EXCEEDED = 3 //超過最大時(shí)間限制
LDAP_SIZE_LIMIT_EXCEEDED = 4 //超過最大返回條目數(shù)
LDAP_COMPARE_FALSE = 5 //比較不匹配
LDAP_COMPARE_TRUE = 6 //比較匹配
LDAP_AUTH_METHOD_NOT_SUPPORTED = 7 //認(rèn)證方法未被支持
LDAP_STRONG_AUTH_REQUIRED = 8 //需要強(qiáng)認(rèn)證
LDAP_PARTIAL_RESULTS = 9 //null
LDAP_REFERRAL = 10 //Referral
LDAP_ADMIN_LIMIT_EXCEEDED = 11 //超出管理員權(quán)限
LDAP_UNAVAILABLE_CRITICAL_EXTENSION = 12 //Critical擴(kuò)展無效
LDAP_CONFIDENTIALITY_REQUIRED = 13 //需要Confidentiality
LDAP_SASL_BIND_IN_PROGRESS = 14 //需要SASL綁定
LDAP_NO_SUCH_ATTRIBUTE = 16 //未找到該屬性
LDAP_UNDEFINED_ATTRIBUTE_TYPE = 17 //未定義的屬性類型
LDAP_INAPPROPRIATE_MATCHING = 18 //不適當(dāng)?shù)钠ヅ?
LDAP_CONSTRAINT_VIOLATION = 19 //約束沖突
LDAP_ATTRIBUTE_OR_value_EXISTS = 20 //屬性或值已存在
LDAP_INVALID_ATTRIBUTE_SYNTAX = 21 //無效的屬性語法
LDAP_NO_SUCH_OBJECT = 32 //未找到該對(duì)象
LDAP_ALIAS_PROBLEM = 33 //別名有問題
LDAP_INVALID_DN_SYNTAX = 34 //無效的DN語法
LDAP_IS_LEAF = 35 //null
LDAP_ALIAS_DEREFERENCING_PROBLEM = 36 //Dereference別名有問題
LDAP_INAPPROPRIATE_AUTHENTICATION = 48 //不適當(dāng)?shù)恼J(rèn)證
LDAP_INVALID_CREDENTIALS = 49 //無效的Credential
LDAP_INSUFFICIENT_ACCESS_RIGHTS = 50 //訪問權(quán)限不夠
LDAP_BUSY = 51 //遇忙
LDAP_UNAVAILABLE = 52 //無效
LDAP_UNWILLING_TO_PERform = 53 //意外問題
LDAP_LOOP_DETECT = 54 //發(fā)現(xiàn)死循環(huán)
LDAP_NAMING_VIOLATION = 64 //命名沖突
LDAP_OBJECT_CLASS_VIOLATION = 65 //對(duì)象類沖突
LDAP_NOT_ALLOWED_ON_NON_LEAF = 66 //不允許在非葉結(jié)點(diǎn)執(zhí)行此操作
LDAP_NOT_ALLOWED_ON_RDN = 67 //不允許對(duì)RDN執(zhí)行此操作
LDAP_ENTRY_ALREADY_EXISTS = 68 //Entry已存在
LDAP_OBJECT_CLASS_MODS_PROHIBITED = 69 //禁止更改對(duì)象類
LDAP_AFFECTS_MULTIPLE_DSAS = 71 //null
LDAP_OTHER = 80 //其它
再來一份十六進(jìn)制的,大家對(duì)照吧数焊。
下面是winldap.h文件中的定義的十六進(jìn)制錯(cuò)誤碼永淌,我給其中的絕大部分加上了從活動(dòng)目錄的書上看的漢語說明,佩耳。
typedef enum
Unknown macro: {
LDAP_SUCCESS = 0x00,//操作成功
LDAP_OPERATIONS_ERROR = 0x01,//一個(gè)未指定的錯(cuò)誤發(fā)生在處理LDAP請(qǐng)求的服務(wù)器上
LDAP_PROTOCOL_ERROR = 0x02,//服務(wù)器接受到一個(gè)沒有正確格式化或順序出錯(cuò)的包
LDAP_TIMELIMIT_EXCEEDED = 0x03,//操作上指定的時(shí)間限制被超出遂蛀。這不同于服務(wù)器沒有及時(shí)響應(yīng)時(shí)的客戶方檢測(cè)到的超時(shí)錯(cuò)誤
LDAP_SIZELIMIT_EXCEEDED = 0x04,//搜索返回的項(xiàng)數(shù)超過了管理限制或請(qǐng)求限制
LDAP_COMPARE_FALSE = 0x05,//LDAP比較函數(shù)(例如ldap_compare())返回FALSE
LDAP_COMPARE_TRUE = 0x06,//LDAP比較函數(shù)(例如ldap_compare())返回TRUE
LDAP_AUTH_METHOD_NOT_SUPPORTED = 0x07,//綁定(bind)操作中(例如ldap_bind())請(qǐng)求的認(rèn)證方法不被服務(wù)器支持。如果你使用一個(gè)非微軟LDAP客戶與活動(dòng)目錄通信干厚,這種情況可能發(fā)生
LDAP_STRONG_AUTH_REQUIRED = 0x08,//服務(wù)器要求一個(gè)字符串認(rèn)證方法而不是一個(gè)簡單口令
LDAP_REFERRAL_V2 = 0x09,//搜索結(jié)果包含LDAPv2引用或者一個(gè)部分結(jié)果集
LDAP_PARTIAL_RESULTS = 0x09,
LDAP_REFERRAL = 0x0a,//請(qǐng)求操作必須由另一個(gè)擁有適當(dāng)?shù)拿舷挛膫浞莸姆?wù)器處理
LDAP_ADMIN_LIMIT_EXCEEDED = 0x0b,//管理限制被超出李滴。例如,搜索操作花費(fèi)的時(shí)間超出了服務(wù)器所允許的最大時(shí)間
LDAP_UNAVAILABLE_CRIT_EXTENSION = 0x0c,//客戶請(qǐng)求一個(gè)LDAP擴(kuò)展并且指示該擴(kuò)展是關(guān)鍵的萍诱,但是服務(wù)器并不支持?jǐn)U展
LDAP_CONFIDENTIALITY_REQUIRED = 0x0d,//操作要求某種級(jí)別的加密
LDAP_SASL_BIND_IN_PROGRESS = 0x0e,//當(dāng)一個(gè)SASL綁定(bind)已經(jīng)在客戶處理過程中時(shí)悬嗓,請(qǐng)求一個(gè)綁定(bind)操作
LDAP_NO_SUCH_ATTRIBUTE = 0x10,//客戶嘗試修改或者刪除一個(gè)并不存在的項(xiàng)的一個(gè)屬性
LDAP_UNDEFINED_TYPE = 0x11,//未定義的類型
LDAP_INAPPROPRIATE_MATCHING = 0x12,//提供的匹配規(guī)則對(duì)搜索不合適或者對(duì)于屬性不合適
LDAP_CONSTRAINT_VIOLATION = 0x13,//客戶請(qǐng)求一個(gè)將違背目錄中語義約束的操作。一個(gè)經(jīng)常的原因是不合適的改變了模式--例如當(dāng)添加一個(gè)新類時(shí)提供了一個(gè)重復(fù)的OID(對(duì)象識(shí)別符)
LDAP_ATTRIBUTE_OR_value_EXISTS = 0x14,//客戶嘗試添加一個(gè)已經(jīng)存在的屬性或值
LDAP_INVALID_SYNTAX = 0x15,//搜索過濾器的語法無效
LDAP_NO_SUCH_OBJECT = 0x20,//客戶嘗試或者刪除一個(gè)在目錄中并不存在的項(xiàng)
LDAP_ALIAS_PROBLEM = 0x21,//服務(wù)器在處理別名時(shí)遇到了一個(gè)錯(cuò)誤
LDAP_INVALID_DN_SYNTAX = 0x22,//請(qǐng)求中指定的可區(qū)別名字的格式無效
LDAP_IS_LEAF = 0x23,//函數(shù)中指定的項(xiàng)是目錄樹中的一個(gè)葉子項(xiàng)
LDAP_ALIAS_DEREF_PROBLEM = 0x24,//在解除對(duì)一個(gè)別名的引用時(shí)服務(wù)器遇到了一個(gè)錯(cuò)誤裕坊。例如包竹,目的項(xiàng)并不存在
LDAP_INAPPROPRIATE_AUTH = 0x30,//認(rèn)證級(jí)別對(duì)于操作不足
LDAP_INVALID_CREDENTIALS = 0x31,//綁定(bind)請(qǐng)求中提供的證書是無效的--例如一個(gè)無效的口令
LDAP_INSUFFICIENT_RIGHTS = 0x32,//沒有執(zhí)行該操作所需的足夠的訪問權(quán)限
LDAP_BUSY = 0x33,//服務(wù)器太忙碌而無法服務(wù)該請(qǐng)求。稍后重新嘗試
LDAP_UNAVAILABLE = 0x34,//目錄服務(wù)暫不可用。稍后重新嘗試
LDAP_UNWILLING_TO_PERform = 0x35,//由于管理策略約束方面的原因周瞎,服務(wù)器將不支持該操作--例如苗缩,如果在模式修改沒有被允許或者沒有連接到模式管理器的情況下,試圖修改該模式
LDAP_LOOP_DETECT = 0x36,//在追蹤引用的過程中声诸,客戶引用到它以前已經(jīng)引用的服務(wù)器
LDAP_SORT_CONTROL_MISSING = 0x3C,
LDAP_OFFSET_RANGE_ERROR = 0x3D,
LDAP_NAMING_VIOLATION = 0x40,//客戶指定了一個(gè)不正確的對(duì)象的可區(qū)別名字
LDAP_OBJECT_CLASS_VIOLATION = 0x41,//操作違背了類定義中定義的語義規(guī)則
LDAP_NOT_ALLOWED_ON_NONLEAF = 0x42,//所請(qǐng)求的操作只可能在一個(gè)葉子對(duì)象(非容器)上執(zhí)行
LDAP_NOT_ALLOWED_ON_RDN = 0x43,//在相對(duì)可區(qū)別名字上不允許該操作
LDAP_ALREADY_EXISTS = 0x44,//客戶試圖添加一個(gè)已經(jīng)存在的對(duì)象
LDAP_NO_OBJECT_CLASS_MODS = 0x45,//客戶試圖通過改變一個(gè)對(duì)象的objectClass屬性來修改對(duì)象的類
LDAP_RESULTS_TOO_LARGE = 0x46,//搜索操作的結(jié)果集太大酱讶,服務(wù)器無法處理
LDAP_AFFECTS_MULTIPLE_DSAS = 0x47,//所請(qǐng)求的操作將影響多個(gè)DSA--例如,在一個(gè)子樹包含一個(gè)下級(jí)引用彼乌,該引用指向另一個(gè)命名上下文的情況下泻肯,刪除該子樹將影響多個(gè)DSA(目錄服務(wù)器代理)
LDAP_VIRTUAL_LIST_VIEW_ERROR = 0x4c,
LDAP_OTHER = 0x50,//發(fā)生了一些其他的LDAP錯(cuò)誤
LDAP_SERVER_DOWN = 0x51,//LDAP服務(wù)器已關(guān)閉
LDAP_LOCAL_ERROR = 0x52,//客戶發(fā)生了其他一些未指定的錯(cuò)誤
LDAP_ENCODING_ERROR = 0x53,//在將一個(gè)LDAP請(qǐng)求編碼為ASN.1的過程中發(fā)生了一個(gè)錯(cuò)誤
LDAP_DECODING_ERROR = 0x54,//從服務(wù)器接受到的ASN.1編碼的數(shù)據(jù)是無效的
LDAP_TIMEOUT = 0x55,//在指定的時(shí)間內(nèi)服務(wù)器不能響應(yīng)客戶
LDAP_AUTH_UNKNOWN = 0x56,//在綁定(bind)請(qǐng)求中指定了一種未知的認(rèn)證機(jī)制
LDAP_FILTER_ERROR = 0x57,//搜索過濾器出現(xiàn)了某種錯(cuò)誤
LDAP_USER_CANCELLED = 0x58,//用戶取消了操作
LDAP_PARAM_ERROR = 0x59,//函數(shù)中指定的某個(gè)參數(shù)出現(xiàn)了錯(cuò)誤。例如慰照,向一個(gè)LDAP API函數(shù)傳遞一個(gè)NULL指針灶挟,但該函數(shù)并不希望這樣,在這種情況下就產(chǎn)生該錯(cuò)誤
LDAP_NO_MEMORY = 0x5a,//客戶試圖分配內(nèi)存并且失敗了
LDAP_CONNECT_ERROR = 0x5b,//客戶試圖向服務(wù)器建立一個(gè)TCP連接并且失敗了
LDAP_NOT_SUPPORTED = 0x5c,//所請(qǐng)求的操作不被這種版本的LDAP協(xié)議所支持
LDAP_NO_RESULTS_RETURNED = 0x5e,//從服務(wù)器接受到一個(gè)響應(yīng)毒租,但是它沒有包含結(jié)果
LDAP_CONTROL_NOT_FOUND = 0x5d,//從服務(wù)器接受到的數(shù)據(jù)表明有一個(gè)LDAP控制出現(xiàn)但是在數(shù)據(jù)中沒有找到一個(gè)LDAP控制
LDAP_MORE_RESULTS_TO_RETURN = 0x5f,//因?yàn)橛刑嗟慕Y(jié)果稚铣,所以客戶無法檢索
LDAP_CLIENT_LOOP = 0x60,//在處理引用時(shí)客戶檢測(cè)到一個(gè)循環(huán)
引用數(shù)目超過了限制
LDAP_REFERRAL_LIMIT_EXCEEDED = 0x61//客戶追蹤的
}
LDAP_RETCODE;
| Hex | Decimal | Constant: Description |
|---|---|---|
| 0x00 | 0 | LDAP_SUCCESS: Indicates the requested client operation completed successfully. 成功,沒什么好說的了墅垮。 |
| 0x01 | 1 | LDAP_OPERATIONS_ERROR: Indicates an internal error. The server is unable to respond with a more specific error and is also unable to properly respond to a request. It does not indicate that the client has sent an erroneous message. 一個(gè)內(nèi)部錯(cuò)誤惕医。Server無法正確的 respond一個(gè)request,也無法生成說明錯(cuò)誤類型的 respond算色。它不代表client發(fā)送了錯(cuò)誤的消息抬伺。 In NDS 8.3x through NDS 7.xx, this was the default error for NDS errors that did not map to an LDAP error code. To conform to the new LDAP drafts, NDS 8.5 uses 80 (0x50) for such errors. In NDS 8.3x through NDS 7.xx, 這是一個(gè)沒有映射到 LDAP錯(cuò)誤碼的NDS缺省錯(cuò)誤。為了符合新的LDAP草案剃允,NDS 8.5使用80 (0x50)?代表這個(gè)錯(cuò)誤沛简。 |
| 0x02 | 2 | LDAP_PROTOCOL_ERROR: Indicates that the server has received an invalid or malformed request from the client.Server從 client收到了一個(gè)無效的或者格式不正確的request。 |
| 0x03 | 3 | LDAP_TIMELIMIT_EXCEEDED: Indicates that the operation's time limit specified by either the client or the server has been exceeded. On search operations, incomplete results are returned. 超出了 Server或者Client指定的時(shí)間限制斥废。當(dāng)進(jìn)行 serach的時(shí)候椒楣,返回不完全的結(jié)果。 |
| 0x04 | 4 | LDAP_SIZELIMIT_EXCEEDED: Indicates that in a search operation, the size limit specified by the client or the server has been exceeded. Incomplete results are returned. 在查詢的時(shí)候牡肉,超出了Server或者 Client指定的size限制捧灰。返回不完全的結(jié)果。 |
| 0x05 | 5 | LDAP_COMPARE_FALSE: Does not indicate an error condition. Indicates that the results of a compare operation are false. 不是錯(cuò)誤狀態(tài)统锤。表示比較操作的結(jié)果是 false毛俏。 |
| 0x06 | 6 | LDAP_COMPARE_TRUE: Does not indicate an error condition. Indicates that the results of a compare operation are true. 不是錯(cuò)誤狀態(tài)。表示比較操作的結(jié)果是 true饲窿。 |
| 0x07 | 7 | LDAP_AUTH_METHOD_NOT_SUPPORTED: Indicates that during a bind operation the client requested an authentication method not supported by the LDAP server. 當(dāng)進(jìn)行bind操作時(shí)煌寇, client指定的認(rèn)證方式不被LDAP Server支持。 |
| 0x08 | 8 | LDAP_STRONG_AUTH_REQUIRED: Indicates one of the following: In bind requests, the LDAP server accepts only strong authentication. In a client request, the client requested an operation such as delete that requires strong authentication. In an unsolicited notice of disconnection, the LDAP server discovers the security protecting the communication between the client and server has unexpectedly failed or been compromised. 代表下列情況之一:當(dāng)bind請(qǐng)求逾雄,LDAP server只接受strong authentication阀溶。Client要求執(zhí)行delete等需要 strong authentication的操作腻脏。看不懂银锻,大致是說當(dāng)沒有通知的斷開連接永品,Server發(fā)現(xiàn)安全的通信在server?和client之間失敗了,或者妥協(xié)了击纬。 |
| 0x09 | 9 | Reserved.保留的 |
| 0x0A | 10 | LDAP_REFERRAL: Does not indicate an error condition. In LDAPv3, indicates that the server does not hold the target entry of the request, but that the servers in the referral field may.不是錯(cuò)誤狀態(tài)鼎姐。在LDAPv3中,代表Server無法得到請(qǐng)求的Entry目標(biāo)更振,但是可以介紹一個(gè)可能得到的域(field)炕桨。 |
| 0x0B | 11 | LDAP_ADMINLIMIT_EXCEEDED: Indicates that an LDAP server limit set by an administrative authority has been exceeded.LDAP Server?的被權(quán)限管理指定的有限集合被超出。 |
| 0x0C | 12 | LDAP_UNAVAILABLE_CRITICAL_EXTENSION: Indicates that the LDAP server was unable to satisfy a request because one or more critical extensions were not available. Either the server does not support the control or the control is not appropriate for the operation type. LDAP Server不支持的request殃饿,因?yàn)橐粋€(gè)或者多個(gè)重要的擴(kuò)展是不允許的谋作。Server不支持的Control或者Control對(duì)于操作是不恰當(dāng)?shù)摹?/td> |
| 0x0D | 13 | LDAP_CONFIDENTIALITY_REQUIRED: Indicates that the session is not protected by a protocol such as Transport Layer Security (TLS), which provides session confidentiality. Session沒有被諸如Transport Layer Security (TLS)?之類的協(xié)議保護(hù),無法提供Session機(jī)密性乎芳。 |
| 0x0E | 14 | LDAP_SASL_BIND_IN_PROGRESS: Does not indicate an error condition, but indicates that the server is ready for the next step in the process. The client must send the server the same SASL mechanism to continue the process. 不是錯(cuò)誤狀態(tài),代表Server已經(jīng)為 process的下一步做好了準(zhǔn)備帖池。Client必須發(fā)送相同的 SASL給Server以繼續(xù)process奈惑。 |
| 0x0F | 15 | Not used. 未使用。 |
| 0x10 | 16 | LDAP_NO_SUCH_ATTRIBUTE: Indicates that the attribute specified in the modify or compare operation does not exist in the entry. 在modify或者 compare操作中指定的屬性睡汹,在指定Entry中不存在肴甸。 |
| 0x11 | 17 | LDAP_UNDEFINED_TYPE: Indicates that the attribute specified in the modify or add operation does not exist in the LDAP server's schema. 在modify或者 add操作中指定的屬性,在LDAP Server的 Schema中不存在囚巴。 |
| 0x12 | 18 | LDAP_INAPPROPRIATE_MATCHING: Indicates that the matching rule specified in the search filter does not match a rule defined for the attribute's syntax. 在Search Filter中指定的 rule不能和syntax中的rule定義匹配原在。 |
| 0x13 | 19 | LDAP_CONSTRAINT_VIOLATION: Indicates that the attribute value specified in a modify, add, or modify DN operation violates constraints placed on the attribute. The constraint can be one of size or content (string only, no binary). 在modify、 add或者modify DN?操作中指定的屬性值彤叉,觸犯了屬性中的限制庶柿。那些限制是內(nèi)容長度或者內(nèi)容只能是String,不能是binary等秽浇。 |
| 0x14 | 20 | LDAP_TYPE_OR_VALUE_EXISTS: Indicates that the attribute value specified in a modify or add operation already exists as a value for that attribute. 在modify或者 add操作中指定的屬性值浮庐,在屬性中已經(jīng)存在了。 |
| 0x15 | 21 | LDAP_INVALID_SYNTAX: Indicates that the attribute value specified in an add, compare, or modify operation is an unrecognized or invalid syntax for the attribute. 在add柬焕、 compare或者modify操作中指定的屬性值审残,是不認(rèn)識(shí)或者無效的 syntax。 |
| - | 22-31 | Not used. 未使用斑举。 |
| 0x20 | 32 | LDAP_NO_SUCH_OBJECT : Indicates the target object cannot be found. This code is not returned on following operations: Search operations that find the search base but cannot find any entries that match the search filter. Bind operations. 無法找到目標(biāo)Object搅轿。在以下操作中不返回這個(gè)代碼:Search操作中沒有找到任何匹配serach filter的entry。Bind操作富玷。 |
| 0x21 | 33 | LDAP_ALIAS_PROBLEM: Indicates that an error occurred when an alias was dereferenced. 當(dāng)一個(gè)別名被復(fù)引用時(shí)發(fā)生錯(cuò)誤璧坟。 |
| 0x22 | 34 | LDAP_INVALID_DN_SYNTAX: Indicates that the syntax of the DN is incorrect. (If the DN syntax is correct, but the LDAP server's structure rules do not permit the operation, the server returns LDAP_UNWILLING_TO_PERFORM.)DN的句法不對(duì)既穆。(如果DN句法正確,但是LDAP Server的結(jié)構(gòu)規(guī)則不許可這個(gè)操作沸柔,Server返回LDAP_UNWILLING_TO_PERFORM循衰。 ) |
| 0x23 | 35 | LDAP_IS_LEAF: Indicates that the specified operation cannot be performed on a leaf entry. (This code is not currently in the LDAP specifications, but is reserved for this constant.) 指定的操作不能被實(shí)施于一個(gè)葉子Entry上。(?這個(gè)錯(cuò)誤碼不在當(dāng)前的LDAP規(guī)范中褐澎,但是這個(gè)常數(shù)為此而保留会钝。 ) |
| 0x24 | 36 | LDAP_ALIAS_DEREF_PROBLEM: Indicates that during a search operation, either the client does not have access rights to read the aliased object's name or dereferencing is not allowed. 在search操作中, client無權(quán)讀別名了的 對(duì)象名或者間接引用是不被許可的工三。 |
| - | 37-47 | Not used. 未使用迁酸。 |
| 0x30 | 48 | LDAP_INAPPROPRIATE_AUTH: Indicates that during a bind operation, the client is attempting to use an authentication method that the client cannot use correctly. For example, either of the following cause this error: The client returns simple credentials when strong credentials are required. The client returns a DN and a password for a simple bind when the entry does not have a password defined. 當(dāng)bind操作過程中, client試圖使用不正確的認(rèn)證方式俭正。例如奸鬓,以下情況造成這個(gè)error:Client返回簡單認(rèn)證當(dāng)需要strong credentials的時(shí)候。Client返回 DN和密碼為了簡單認(rèn)證掸读,但是 entry沒有定義密碼串远。 |
| 0x31 | 49 | LDAP_INVALID_CREDENTIALS: Indicates that during a bind operation one of the following occurred: The client passed either an incorrect DN or password. The password is incorrect because it has expired, intruder detection has locked the account, or some other similar reason. 當(dāng)bind操作過程中發(fā)生以下情況:Client傳送不正確的DN或者 password。密碼不正確儿惫,因?yàn)樗^期了澡罚,入侵檢測(cè)鎖住了帳號(hào),或者其他類似原因肾请。 |
| 0x32 | 50 | LDAP_INSUFFICIENT_ACCESS: Indicates that the caller does not have sufficient rights to perform the requested operation. 調(diào)用者沒有足夠的權(quán)限執(zhí)行請(qǐng)求的操作留搔。 |
| 0x33 | 51 | LDAP_BUSY: Indicates that the LDAP server is too busy to process the client request at this time but if the client waits and resubmits the request, the server may be able to process it then. LDAP Server太忙以至于無法處理client的請(qǐng)求,但是如果client等待然后重新提交請(qǐng)求铛铁,Server可能會(huì)處理隔显。 |
| 0x34 | 52 | LDAP_UNAVAILABLE: Indicates that the LDAP server cannot process the client's bind request, usually because it is shutting down. LDAP Server不能處理client的bind請(qǐng)求,通常是因?yàn)樗黡own機(jī)了饵逐。 |
| 0x35 | 53 | LDAP_UNWILLING_TO_PERFORM: Indicates that the LDAP server cannot process the request because of server-defined restrictions. This error is returned for the following reasons: The add entry request violates the server's structure rules. The modify attribute request specifies attributes that users cannot modify. Password restrictions prevent the action. Connection restrictions prevent the action. LDAP Server不能處理request括眠,因?yàn)镾erver定義的限制。這個(gè)錯(cuò)誤在以下原因下發(fā)生:1梳毙、加Entry的request違反server的結(jié)構(gòu)規(guī)則 2哺窄、改變屬性request指定了不允許用戶修改的屬性 3、密碼限制 4账锹、連接限制 |
| 0x36 | 54 | LDAP_LOOP_DETECT: Indicates that the client discovered an alias or referral loop, and is thus unable to complete this request. client發(fā)現(xiàn)一個(gè)別名或者引用是循環(huán)的萌业,導(dǎo)致這個(gè)request無法完成。 |
| - | 55-63 | Not used. 未使用奸柬。 |
| 0x40 | 64 | LDAP_NAMING_VIOLATION: Indicates that the add or modify DN operation violates the schema's structure rules. For example, The request places the entry subordinate to an alias. The request places the entry subordinate to a container that is forbidden by the containment rules. The RDN for the entry uses a forbidden attribute type. 在 add或者 modify DN操作中違反Schema的結(jié)構(gòu)規(guī)則生年。例如:1、請(qǐng)求放置entry在別名下 2廓奕、請(qǐng)求放置entry在被包含規(guī)則禁止的容器中 3抱婉、Entry的RDN使用了禁止的屬性類型 |
| 0x41 | 65 | LDAP_OBJECT_CLASS_VIO LATION: Indicates that the add, modify, or modify DN operation violates the object class rules for the entry. For example, the following types of request return this error: The add or modify operation tries to add an entry without a value for a required attribute. The add?or modify operation tries to add an entry with a value for an attribute which the class definition does not contain. The modify operation tries to remove a required attribute without removing the auxiliary class that defines the attribute as required. 在 add档叔、modify或者modify DN操作中違反 entry的object class規(guī)則。例如蒸绩,下面類型的request導(dǎo)致這個(gè)錯(cuò)誤:1衙四、在 add或者modify操作中試圖加一個(gè)沒有必須屬性值的entry。2患亿、在 add或者modify操作中試圖加一個(gè)有class?定義中沒有的值的entry传蹈。3、在 modify操作中試圖刪除必須屬性而沒有刪除定義這個(gè)屬性為必須的那個(gè)輔助類步藕。 |
| 0x42 | 66 | LDAP_NOT_ALLOWED_ON_NONLEAF: Indicates that the requested operation is permitted only on leaf entries. For example, the following types of requests return this error: The client requests a delete operation on a parent entry. The client request a modify DN operation on a parent entry. 請(qǐng)求的操作只允許在葉子entry上執(zhí)行惦界。例如下面類型的 request導(dǎo)致這個(gè)錯(cuò)誤:1、Client請(qǐng)求刪除操作在父entry上咙冗。2沾歪、Client請(qǐng)求改變DN在父entry上。 |
| 0x43 | 67 | LDAP_NOT_ALLOWED_ON_RDN: Indicates that the modify operation attempted to remove an attribute value that forms the entry's relative distinguished name. modify操作試圖刪除關(guān)聯(lián)著DN的屬性值雾消。 |
| 0x44 | 68 | LDAP_ALREADY_EXISTS: Indicates that the add operation attempted to add an entry that already exists, or that the modify operation attempted to rename an entry to the name of an entry that already exists. add操作試圖加一個(gè)已經(jīng)存在的Entry灾搏,或者modify操作試圖重命名Entry為一個(gè)已經(jīng)存在的entry的名字。 |
| 0x45 | 69 | LDAP_NO_OBJECT_CLASS_MODS: Indicates that the modify operation attempted to modify the structure rules of an object class. modify操作試圖改變object class的結(jié)構(gòu)規(guī)則立润。 |
| 0x46 | 70 | LDAP_RESULTS_TOO_LARGE: Reserved for CLDAP. 為CLDAP保留确镊。 |
| 0x47 | 71 | LDAP_AFFECTS_MULTIPLE_DSAS: Indicates that the modify DN operation moves the entry from one LDAP server to another and thus requires more than one LDAP server. modify DN的操作移動(dòng)Entry從一個(gè)LDAP Server到另一個(gè),造成需要超過一個(gè)LDAP Server范删。 |
| - | 72-79 | Not used. 未使用 |
| 0x50 | 80 | LDAP_OTHER: Indicates an unknown error condition. This is the default value for NDS error codes which do not map to other LDAP error codes. 一個(gè)未知的error狀態(tài)。這是 NDS中沒有映射到其他LDAP錯(cuò)誤碼上的錯(cuò)誤碼的缺省值拷肌。 |
