1.插入数据,报错:
1)ldapadd: Object class violation (65)
失败原因:插入的属性(Attribute),没有指明对象(Object Class)。
解决方案:添加objectclass: class名,这样的属性行;
2)ldapadd: Constraint violation (19)
additional info: Another entry with the same attribute value already exist
失败原因:插入的属性,某些属性(主键)的值,和其他结点的属性重复了。
解决方案:查找配置管理表(Directory Schema),在约束条件(Constraint)中,将唯一(Unique)的值,进行更改。
3)ldapadd: Already exists (68)
失败原因:目录中(Directory)已经存在一样的数据了。
解决方案:无需再次添加
4)ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
失败原因:没有指定验证方式(authentication method);
解决方案:命令行添加-x参数;
*)贴附,所有常见错误code,以及汉语翻译,出处:
http://blog.sina.com.cn/s/blog_70328f460101ly1i.html
LDAP常见错误码
LDAP_SUCCESS = 0 //成功
LDAP_OPERATIONS_ERROR = 1 //操作错误
LDAP_PROTOCOL_ERROR = 2 //协议错误
LDAP_TIME_LIMIT_EXCEEDED = 3 //超过最大时间限制
LDAP_SIZE_LIMIT_EXCEEDED = 4 //超过最大返回条目数
LDAP_COMPARE_FALSE = 5 //比较不匹配
LDAP_COMPARE_TRUE = 6 //比较匹配
LDAP_AUTH_METHOD_NOT_SUPPORTED = 7 //认证方法未被支持
LDAP_STRONG_AUTH_REQUIRED = 8 //需要强认证
LDAP_PARTIAL_RESULTS = 9 //null
LDAP_REFERRAL = 10 //Referral
LDAP_ADMIN_LIMIT_EXCEEDED = 11 //超出管理员权限
LDAP_UNAVAILABLE_CRITICAL_EXTENSION = 12 //Critical扩展无效
LDAP_CONFIDENTIALITY_REQUIRED = 13 //需要Confidentiality
LDAP_SASL_BIND_IN_PROGRESS = 14 //需要SASL绑定
LDAP_NO_SUCH_ATTRIBUTE = 16 //未找到该属性
LDAP_UNDEFINED_ATTRIBUTE_TYPE = 17 //未定义的属性类型
LDAP_INAPPROPRIATE_MATCHING = 18 //不适当的匹配
LDAP_CONSTRAINT_VIOLATION = 19 //约束冲突
LDAP_ATTRIBUTE_OR_value_EXISTS = 20 //属性或值已存在
LDAP_INVALID_ATTRIBUTE_SYNTAX = 21 //无效的属性语法
LDAP_NO_SUCH_OBJECT = 32 //未找到该对象
LDAP_ALIAS_PROBLEM = 33 //别名有问题
LDAP_INVALID_DN_SYNTAX = 34 //无效的DN语法
LDAP_IS_LEAF = 35 //null
LDAP_ALIAS_DEREFERENCING_PROBLEM = 36 //Dereference别名有问题
LDAP_INAPPROPRIATE_AUTHENTICATION = 48 //不适当的认证
LDAP_INVALID_CREDENTIALS = 49 //无效的Credential
LDAP_INSUFFICIENT_ACCESS_RIGHTS = 50 //访问权限不够
LDAP_BUSY = 51 //遇忙
LDAP_UNAVAILABLE = 52 //无效
LDAP_UNWILLING_TO_PERform = 53 //意外问题
LDAP_LOOP_DETECT = 54 //发现死循环
LDAP_NAMING_VIOLATION = 64 //命名冲突
LDAP_OBJECT_CLASS_VIOLATION = 65 //对象类冲突
LDAP_NOT_ALLOWED_ON_NON_LEAF = 66 //不允许在非叶结点执行此操作
LDAP_NOT_ALLOWED_ON_RDN = 67 //不允许对RDN执行此操作
LDAP_ENTRY_ALREADY_EXISTS = 68 //Entry已存在
LDAP_OBJECT_CLASS_MODS_PROHIBITED = 69 //禁止更改对象类
LDAP_AFFECTS_MULTIPLE_DSAS = 71 //null
LDAP_OTHER = 80 //其它
再来一份十六进制的,大家对照吧。
下面是winldap.h文件中的定义的十六进制错误码,我给其中的绝大部分加上了从活动目录的书上看的汉语说明,。
typedef enum
Unknown macro: {
LDAP_SUCCESS = 0x00,//操作成功
LDAP_OPERATIONS_ERROR = 0x01,//一个未指定的错误发生在处理LDAP请求的服务器上
LDAP_PROTOCOL_ERROR = 0x02,//服务器接受到一个没有正确格式化或顺序出错的包
LDAP_TIMELIMIT_EXCEEDED = 0x03,//操作上指定的时间限制被超出。这不同于服务器没有及时响应时的客户方检测到的超时错误
LDAP_SIZELIMIT_EXCEEDED = 0x04,//搜索返回的项数超过了管理限制或请求限制
LDAP_COMPARE_FALSE = 0x05,//LDAP比较函数(例如ldap_compare())返回FALSE
LDAP_COMPARE_TRUE = 0x06,//LDAP比较函数(例如ldap_compare())返回TRUE
LDAP_AUTH_METHOD_NOT_SUPPORTED = 0x07,//绑定(bind)操作中(例如ldap_bind())请求的认证方法不被服务器支持。如果你使用一个非微软LDAP客户与活动目录通信,这种情况可能发生
LDAP_STRONG_AUTH_REQUIRED = 0x08,//服务器要求一个字符串认证方法而不是一个简单口令
LDAP_REFERRAL_V2 = 0x09,//搜索结果包含LDAPv2引用或者一个部分结果集
LDAP_PARTIAL_RESULTS = 0x09,
LDAP_REFERRAL = 0x0a,//请求操作必须由另一个拥有适当的命名上下文备份的服务器处理
LDAP_ADMIN_LIMIT_EXCEEDED = 0x0b,//管理限制被超出。例如,搜索操作花费的时间超出了服务器所允许的最大时间
LDAP_UNAVAILABLE_CRIT_EXTENSION = 0x0c,//客户请求一个LDAP扩展并且指示该扩展是关键的,但是服务器并不支持扩展
LDAP_CONFIDENTIALITY_REQUIRED = 0x0d,//操作要求某种级别的加密
LDAP_SASL_BIND_IN_PROGRESS = 0x0e,//当一个SASL绑定(bind)已经在客户处理过程中时,请求一个绑定(bind)操作
LDAP_NO_SUCH_ATTRIBUTE = 0x10,//客户尝试修改或者删除一个并不存在的项的一个属性
LDAP_UNDEFINED_TYPE = 0x11,//未定义的类型
LDAP_INAPPROPRIATE_MATCHING = 0x12,//提供的匹配规则对搜索不合适或者对于属性不合适
LDAP_CONSTRAINT_VIOLATION = 0x13,//客户请求一个将违背目录中语义约束的操作。一个经常的原因是不合适的改变了模式--例如当添加一个新类时提供了一个重复的OID(对象识别符)
LDAP_ATTRIBUTE_OR_value_EXISTS = 0x14,//客户尝试添加一个已经存在的属性或值
LDAP_INVALID_SYNTAX = 0x15,//搜索过滤器的语法无效
LDAP_NO_SUCH_OBJECT = 0x20,//客户尝试或者删除一个在目录中并不存在的项
LDAP_ALIAS_PROBLEM = 0x21,//服务器在处理别名时遇到了一个错误
LDAP_INVALID_DN_SYNTAX = 0x22,//请求中指定的可区别名字的格式无效
LDAP_IS_LEAF = 0x23,//函数中指定的项是目录树中的一个叶子项
LDAP_ALIAS_DEREF_PROBLEM = 0x24,//在解除对一个别名的引用时服务器遇到了一个错误。例如,目的项并不存在
LDAP_INAPPROPRIATE_AUTH = 0x30,//认证级别对于操作不足
LDAP_INVALID_CREDENTIALS = 0x31,//绑定(bind)请求中提供的证书是无效的--例如一个无效的口令
LDAP_INSUFFICIENT_RIGHTS = 0x32,//没有执行该操作所需的足够的访问权限
LDAP_BUSY = 0x33,//服务器太忙碌而无法服务该请求。稍后重新尝试
LDAP_UNAVAILABLE = 0x34,//目录服务暂不可用。稍后重新尝试
LDAP_UNWILLING_TO_PERform = 0x35,//由于管理策略约束方面的原因,服务器将不支持该操作--例如,如果在模式修改没有被允许或者没有连接到模式管理器的情况下,试图修改该模式
LDAP_LOOP_DETECT = 0x36,//在追踪引用的过程中,客户引用到它以前已经引用的服务器
LDAP_SORT_CONTROL_MISSING = 0x3C,
LDAP_OFFSET_RANGE_ERROR = 0x3D,
LDAP_NAMING_VIOLATION = 0x40,//客户指定了一个不正确的对象的可区别名字
LDAP_OBJECT_CLASS_VIOLATION = 0x41,//操作违背了类定义中定义的语义规则
LDAP_NOT_ALLOWED_ON_NONLEAF = 0x42,//所请求的操作只可能在一个叶子对象(非容器)上执行
LDAP_NOT_ALLOWED_ON_RDN = 0x43,//在相对可区别名字上不允许该操作
LDAP_ALREADY_EXISTS = 0x44,//客户试图添加一个已经存在的对象
LDAP_NO_OBJECT_CLASS_MODS = 0x45,//客户试图通过改变一个对象的objectClass属性来修改对象的类
LDAP_RESULTS_TOO_LARGE = 0x46,//搜索操作的结果集太大,服务器无法处理
LDAP_AFFECTS_MULTIPLE_DSAS = 0x47,//所请求的操作将影响多个DSA--例如,在一个子树包含一个下级引用,该引用指向另一个命名上下文的情况下,删除该子树将影响多个DSA(目录服务器代理)
LDAP_VIRTUAL_LIST_VIEW_ERROR = 0x4c,
LDAP_OTHER = 0x50,//发生了一些其他的LDAP错误
LDAP_SERVER_DOWN = 0x51,//LDAP服务器已关闭
LDAP_LOCAL_ERROR = 0x52,//客户发生了其他一些未指定的错误
LDAP_ENCODING_ERROR = 0x53,//在将一个LDAP请求编码为ASN.1的过程中发生了一个错误
LDAP_DECODING_ERROR = 0x54,//从服务器接受到的ASN.1编码的数据是无效的
LDAP_TIMEOUT = 0x55,//在指定的时间内服务器不能响应客户
LDAP_AUTH_UNKNOWN = 0x56,//在绑定(bind)请求中指定了一种未知的认证机制
LDAP_FILTER_ERROR = 0x57,//搜索过滤器出现了某种错误
LDAP_USER_CANCELLED = 0x58,//用户取消了操作
LDAP_PARAM_ERROR = 0x59,//函数中指定的某个参数出现了错误。例如,向一个LDAP API函数传递一个NULL指针,但该函数并不希望这样,在这种情况下就产生该错误
LDAP_NO_MEMORY = 0x5a,//客户试图分配内存并且失败了
LDAP_CONNECT_ERROR = 0x5b,//客户试图向服务器建立一个TCP连接并且失败了
LDAP_NOT_SUPPORTED = 0x5c,//所请求的操作不被这种版本的LDAP协议所支持
LDAP_NO_RESULTS_RETURNED = 0x5e,//从服务器接受到一个响应,但是它没有包含结果
LDAP_CONTROL_NOT_FOUND = 0x5d,//从服务器接受到的数据表明有一个LDAP控制出现但是在数据中没有找到一个LDAP控制
LDAP_MORE_RESULTS_TO_RETURN = 0x5f,//因为有太多的结果,所以客户无法检索
LDAP_CLIENT_LOOP = 0x60,//在处理引用时客户检测到一个循环
引用数目超过了限制
LDAP_REFERRAL_LIMIT_EXCEEDED = 0x61//客户追踪的
}
LDAP_RETCODE;
Hex |
Decimal |
Constant: Description |
0x00 |
0 |
LDAP_SUCCESS: Indicates the requested client operation completed successfully. |
0x01 |
1 |
LDAP_OPERATIONS_ERROR: Indicates an internal error. The server is unable to respond with a more specific error and is also unable to properly respond to a request. It does not indicate that the client has sent an erroneous message. |
0x02 |
2 |
LDAP_PROTOCOL_ERROR: Indicates that the server has received an invalid or malformed request from the client. |
0x03 |
3 |
LDAP_TIMELIMIT_EXCEEDED: Indicates that the operation's time limit specified by either the client or the server has been exceeded. On search operations, incomplete results are returned. |
0x04 |
4 |
LDAP_SIZELIMIT_EXCEEDED: Indicates that in a search operation, the size limit specified by the client or the server has been exceeded. Incomplete results are returned. |
0x05 |
5 |
LDAP_COMPARE_FALSE: Does not indicate an error condition. Indicates that the results of a compare operation are false. |
0x06 |
6 |
LDAP_COMPARE_TRUE: Does not indicate an error condition. Indicates that the results of a compare operation are true. |
0x07 |
7 |
LDAP_AUTH_METHOD_NOT_SUPPORTED: Indicates that during a bind operation the client requested an authentication method not supported by the LDAP server. |
0x08 |
8 |
LDAP_STRONG_AUTH_REQUIRED: Indicates one of the following:
代表下列情况之一:
|
0x09 |
9 |
Reserved. |
0x0A |
10 |
LDAP_REFERRAL: Does not indicate an error condition. In LDAPv3, indicates that the server does not hold the target entry of the request, but that the servers in the referral field may. |
0x0B |
11 |
LDAP_ADMINLIMIT_EXCEEDED: Indicates that an LDAP server limit set by an administrative authority has been exceeded. |
0x0C |
12 |
LDAP_UNAVAILABLE_CRITICAL_EXTENSION: Indicates that the LDAP server was unable to satisfy a request because one or more critical extensions were not available. Either the server does not support the control or the control is not appropriate for the operation type. |
0x0D |
13 |
LDAP_CONFIDENTIALITY_REQUIRED: Indicates that the session is not protected by a protocol such as Transport Layer Security (TLS), which provides session confidentiality. |
0x0E |
14 |
LDAP_SASL_BIND_IN_PROGRESS: Does not indicate an error condition, but indicates that the server is ready for the next step in the process. The client must send the server the same SASL mechanism to continue the process.? |
0x0F |
15 |
Not used. |
0x10 |
16 |
LDAP_NO_SUCH_ATTRIBUTE: Indicates that the attribute specified in?the modify?or compare operation does not exist in the entry. |
0x11 |
17 |
LDAP_UNDEFINED_TYPE: Indicates that the attribute specified in?the modify?or add operation does not exist in the LDAP server's schema. |
0x12 |
18 |
LDAP_INAPPROPRIATE_MATCHING: Indicates that the matching rule specified in the search filter does not match a rule defined for the attribute's syntax. |
0x13 |
19 |
LDAP_CONSTRAINT_VIOLATION: Indicates that the attribute value specified in?a modify, add, or modify DN operation violates constraints placed on the attribute. The constraint can be one of size or content (string only, no binary). |
0x14 |
20 |
LDAP_TYPE_OR_VALUE_EXISTS: Indicates that the attribute value specified in?a modify?or add operation already exists as a value for that attribute. |
0x15 |
21 |
LDAP_INVALID_SYNTAX: Indicates that the attribute value specified in?an add, compare, or modify operation is an unrecognized or invalid syntax for the attribute. |
? |
22-31 |
Not used. |
0x20 |
32 |
LDAP_NO_SUCH_OBJECT : Indicates the target object cannot be found. This code is not returned on following operations:
无法找到目标Object?。在以下操作中不返回这个代码:
|
0x21 |
33 |
LDAP_ALIAS_PROBLEM: Indicates that an error occurred when an alias was?dereferenced.? |
0x22 |
34 |
LDAP_INVALID_DN_SYNTAX: Indicates that the syntax of the DN is incorrect. (If the DN syntax is correct, but the LDAP server's structure rules do not permit the operation, the server returns LDAP_UNWILLING_TO_PERFORM.) |
0x23 |
35 |
LDAP_IS_LEAF: Indicates that the specified operation cannot be performed on a leaf entry. (This code is not currently in the LDAP specifications, but is reserved for this constant.) |
0x24 |
36 |
LDAP_ALIAS_DEREF_PROBLEM: Indicates that during a search operation, either the client does not have access rights to read the aliased object's name or dereferencing is not allowed. |
? |
37-47 |
Not used. |
0x30 |
48 |
LDAP_INAPPROPRIATE_AUTH: Indicates that during a bind operation, the client is attempting to use an authentication method that the client cannot use correctly. For example, either of the following cause this error:
当bind操作过程中, client试图使用不正确的认证方式。例如,以下情况造成这个error:
|
0x31 |
49 |
LDAP_INVALID_CREDENTIALS: Indicates that during a bind operation one of the following occurred:
当bind操作过程中发生以下情况:
|
0x32 |
50 |
LDAP_INSUFFICIENT_ACCESS: Indicates that the caller does not have sufficient rights to perform the requested operation. |
0x33 |
51 |
LDAP_BUSY: Indicates that the LDAP server is too busy to process the client request at this time but if the client waits and resubmits the request, the server may be able to process it then. |
0x34 |
52 |
LDAP_UNAVAILABLE: Indicates that the LDAP server cannot process the client's bind request, usually because it is shutting down. |
0x35 |
53 |
LDAP_UNWILLING_TO_PERFORM: Indicates that the LDAP server cannot process the request because of server-defined restrictions. This error is returned for the following reasons:
LDAP Server不能处理request?,因为Server定义的限制。
|
0x36 |
54 |
LDAP_LOOP_DETECT: Indicates that the client discovered an alias or referral loop, and is thus unable to complete this request. |
? |
55-63 |
Not used. |
0x40 |
64 |
LDAP_NAMING_VIOLATION: Indicates that?the add?or modify DN operation violates the schema's structure rules. For example,
在 add或者 modify DN操作中违反Schema的结构规则。例如:
|
0x41 |
65 |
LDAP_OBJECT_CLASS_VIO LATION: Indicates that?the add, modify, or modify DN operation violates the object class rules for the entry. For example, the following types of request return this error:
在 add、 modify或者modify DN操作中违反 entry的object class规则。例如,下面类型的request导致这个错误:
|
0x42 |
66 |
LDAP_NOT_ALLOWED_ON_NONLEAF: Indicates that the requested operation is permitted only on leaf entries. For example, the following types of requests return this error:
请求的操作只允许在叶子entry上执行。例如下面类型的 request导致这个错误:
|
0x43 |
67 |
LDAP_NOT_ALLOWED_ON_RDN: Indicates that the modify operation attempted to remove an attribute value that forms the entry's relative distinguished name. |
0x44 |
68 |
LDAP_ALREADY_EXISTS: Indicates that the add operation attempted to add an entry that already exists, or that the modify operation attempted to rename an entry to the name of an entry that already exists. |
0x45 |
69 |
LDAP_NO_OBJECT_CLASS_MODS: Indicates that the modify operation attempted to modify the structure rules of an object class. |
0x46 |
70 |
LDAP_RESULTS_TOO_LARGE: Reserved for CLDAP.? |
0x47 |
71 |
LDAP_AFFECTS_MULTIPLE_DSAS: Indicates that the modify DN operation moves the entry from one LDAP server to another and thus requires more than one LDAP server. |
? |
72-79 |
Not used. |
0x50 |
80 |
LDAP_OTHER: Indicates an unknown error condition. This is the default value for NDS error codes which do not map to other LDAP error codes.? |