&DirectorySDKForC; Result Codes

&DirectorySDKForC; Result Codes result codes C SDK result codes error codes C SDK result codes C SDK result codes C SDK result codes This chapter lists some of the result codes that can be returned by functions in the &DirectorySDKForC;. For ease of use, they are first listed in numerical order, then in alphabetical order. This chapter contains the following sections: Overview Result Codes Summary in Numerical Order Result Codes Reference in Alphabetical Order Overview LDAP result codes are extensible; thus, LDAP v3 extensions may define their own error codes, and register them with the Internet Assigned Numbers Authority (IANA). The IANA maintains a list of registered LDAP parameters, including result codes. This list includes what &DirectorySDKForC; currently knows in terms of result codes. More information can be found in RFC 4520, Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP). Result Codes Summary in Numerical Order Table 22–1 gives the decimal and hexadecimal value of all result codes. Values missing from the sequence are not assigned to a result code. Numerical Listing of Result Codes by Value Decimal Hexadecimal Defined Name 0 0x00 LDAP_SUCCESS 1 0x01 LDAP_OPERATIONS_ERROR 2 0x02 LDAP_PROTOCOL_ERROR 3 0x03 LDAP_TIMELIMIT_EXCEEDED 4 0x04 LDAP_SIZELIMIT_EXCEEDED 5 0x05 LDAP_COMPARE_FALSE 6 0x06 LDAP_COMPARE_TRUE 7 0x07 LDAP_STRONG_AUTH_NOT_SUPPORTED 8 0x08 LDAP_STRONG_AUTH_REQUIRED 9 0x09 LDAP_PARTIAL_RESULTS 10 0x0a LDAP_REFERRAL 11 0x0b LDAP_ADMINLIMIT_EXCEEDED 12 0x0c LDAP_UNAVAILABLE_CRITICAL_EXTENSION 13 0x0d LDAP_CONFIDENTIALITY_REQUIRED 14 0x0e LDAP_SASL_BIND_IN_PROGRESS 16 0x10 LDAP_NO_SUCH_ATTRIBUTE 17 0x11 LDAP_UNDEFINED_TYPE 18 0x12 LDAP_INAPPROPRIATE_MATCHING 19 0x13 LDAP_CONSTRAINT_VIOLATION 20 0x14 LDAP_TYPE_OR_VALUE_EXISTS 21 0x15 LDAP_INVALID_SYNTAX 32 0x20 LDAP_NO_SUCH_OBJECT 33 0x21 LDAP_ALIAS_PROBLEM 34 0x22 LDAP_INVALID_DN_SYNTAX 35 0x23 LDAP_IS_LEAF 36 0x24 LDAP_ALIAS_DEREF_PROBLEM 48 0x30 LDAP_INAPPROPRIATE_AUTH 49 0x31 LDAP_INVALID_CREDENTIALS 50 0x32 LDAP_INSUFFICIENT_ACCESS 51 0x33 LDAP_BUSY 52 0x34 LDAP_UNAVAILABLE 53 0x35 LDAP_UNWILLING_TO_PERFORM 54 0x36 LDAP_LOOP_DETECT 60 0x3C LDAP_SORT_CONTROL_MISSING 61 0x3D LDAP_INDEX_RANGE_ERROR 64 0x40 LDAP_NAMING_VIOLATION 65 0x41 LDAP_OBJECT_CLASS_VIOLATION 66 0x42 LDAP_NOT_ALLOWED_ON_NONLEAF 67 0x43 LDAP_NOT_ALLOWED_ON_RDN 68 0x44 LDAP_ALREADY_EXISTS 69 0x45 LDAP_NO_OBJECT_CLASS_MODS 70 0x46 LDAP_RESULTS_TOO_LARGE 71 0x47 LDAP_AFFECTS_MULTIPLE_DSAS 80 0x50 LDAP_OTHER 81 0x51 LDAP_SERVER_DOWN 82 0x52 LDAP_LOCAL_ERROR 83 0x53 LDAP_ENCODING_ERROR 84 0x54 LDAP_DECODING_ERROR 85 0x55 LDAP_TIMEOUT 86 0x56 LDAP_AUTH_UNKNOWN 87 0x57 LDAP_FILTER_ERROR 88 0x58 LDAP_USER_CANCELLED 89 0x59 LDAP_PARAM_ERROR 90 0x5a LDAP_NO_MEMORY 91 0x5b LDAP_CONNECT_ERROR 92 0x5c LDAP_NOT_SUPPORTED 93 0x5d LDAP_CONTROL_NOT_FOUND 94 0x5e LDAP_NO_RESULTS_RETURNED 95 0x5f LDAP_MORE_RESULTS_TO_RETURN 96 0x60 LDAP_CLIENT_LOOP 97 0x61 LDAP_REFERRAL_LIMIT_EXCEEDED

Result Codes Reference in Alphabetical Order result codes C SDK result codes error codes C SDK result codes C SDK result codes C SDK result codes The following sections contain the detailed reference information for each result code listed in alphabetical order by code name. LDAP_ADMINLIMIT_EXCEEDED This result code indicates that the look-through limit on a search operation has been exceeded. The look-through limit is the maximum number of entries that the server will check when gathering a list of potential search result candidates. When working with &cnDirectoryServer;, keep in mind the following: If you are bound as the root DN, the server sets an infinite look-through limit. If you are not bound as the root DN, the server sets a time limit. #define LDAP_ADMINLIMIT_EXCEEDED 0x0b /* 11 */ LDAP_AFFECTS_MULTIPLE_DSAS This result code indicates that the requested operation needs to be performed on multiple servers, where this operation is not permitted. #define LDAP_AFFECTS_MULTIPLE_DSAS 0x47 /* 71 */ LDAP_ALIAS_DEREF_PROBLEM This result code indicates that a problem occurred when dereferencing an alias. &cnDirectoryServer; does not currently send this result code back to LDAP clients. #define LDAP_ALIAS_DEREF_PROBLEM 0x24 /* 36 */ LDAP_ALIAS_PROBLEM This result code indicates that the alias is invalid. &cnDirectoryServer; does not currently send this result code back to LDAP clients. #define LDAP_ALIAS_PROBLEM 0x21 /* 33 */ LDAP_ALREADY_EXISTS This result code indicates that the request is attempting to add an entry that already exists in the directory. &cnDirectoryServer; sends this result code back to the client in the following situations: The request is an add request, and the entry already exists in the directory. The request is a modify DN request, and the new DN of the entry already identifies another entry. The request is adding an attribute to the schema, and an attribute with the specified name or object identifier (OID) already exists. #define LDAP_ALREADY_EXISTS 0x44 /* 68 */ LDAP_AUTH_UNKNOWN This result code indicates that an unknown authentication method was specified. &DirectorySDKForC; library sets this result code if ldap_bind or ldap_bind_s are called and an authentication method other than LDAP_AUTH_SIMPLE is specified. These functions only allow you to use simple authentication. #define LDAP_AUTH_UNKNOWN 0x56 /* 86 */ LDAP_BUSY This result code indicates that the server is currently too busy to perform the requested operation. #define LDAP_BUSY 0x33 /* 51 */ LDAP_CLIENT_LOOP This result code indicates that the LDAP client detected a loop, for example, when following referrals. #define LDAP_CLIENT_LOOP 0x60 /* 96 */ LDAP_COMPARE_FALSE This result code is returned after an LDAP compare operation is completed. The result indicates that the specified attribute value is not present in the specified entry. #define LDAP_COMPARE_FALSE 0x05 /* 5 */ LDAP_COMPARE_TRUE This result code is returned after an LDAP compare operation is completed. The result indicates that the specified attribute value is present in the specified entry. #define LDAP_COMPARE_TRUE 0x06 /* 6 */ LDAP_CONFIDENTIALITY_REQUIRED This result code indicates that confidentiality is required for the operation. #define LDAP_CONFIDENTIALITY_REQUIRED 0x0d /* 13 */ LDAP_CONNECT_ERROR This result code indicates that the LDAP client cannot establish a connection, or has lost the connection, with the LDAP server. &DirectorySDKForC; sets this result code. If you have not established an initial connection with the server, verify that you have specified the correct host name and port number and that the server is running. #define LDAP_CONNECT_ERROR 0x5b /* 91 */ LDAP_CONSTRAINT_VIOLATION This result code indicates that a value in the request does not comply with certain constraints. &cnDirectoryServer; sends this result code back to the client in the following situations: The request adds or modifies the userpassword attribute, and one of the following is true: The server is configured to check the password syntax, and the length of the new password is less than the minimum password length. The server is configured to check the password syntax, and the new password is the same as one of the values of the uid, cn, sn, givenname, ou, or mail attributes. The server is configured to keep a history of previous passwords, and the new password is the same as one of the previous passwords. The request is a bind request, and the user is locked out of the account. (For example, the server can be configured to lock a user out of the account after a given number of failed attempts to bind to the server.) #define LDAP_CONSTRAINT_VIOLATION 0x13 /* 19 */ LDAP_CONTROL_NOT_FOUND This result code indicates that a requested LDAP control was not found. &DirectorySDKForC; sets this result code when parsing a server response for controls and not finding the requested controls. For example: ldap_parse_entrychange_control is called, but no entry change notification control is found in the server’s response. ldap_parse_sort_control is called, but no server-side sorting control is found in the server’s response. ldap_parse_virtuallist_control is called, but no virtual list view response control is found in the server’s response. #define LDAP_CONTROL_NOT_FOUND 0x5d /* 93 */ LDAP_DECODING_ERROR This result code indicates that the LDAP client encountered an error when decoding the LDAP response received from the server. #define LDAP_DECODING_ERROR 0x54 /* 84 */ LDAP_ENCODING_ERROR This result code indicates that the LDAP client encountered an error when encoding the LDAP request to be sent to the server. #define LDAP_ENCODING_ERROR 0x53 /* 83 */ LDAP_FILTER_ERROR This result code indicates that an error occurred when specifying the search filter. &DirectorySDKForC; sets this result code if it cannot encode the specified search filter in an LDAP search request. #define LDAP_FILTER_ERROR 0x57 /* 87 */ LDAP_INAPPROPRIATE_AUTH This result code indicates that the type of credentials are not appropriate for the method of authentication used. &cnDirectoryServer; sends this result code back to the client if simple authentication is used in a bind request, but the entry has no userpassword attribute; also, if LDAP_SASL_EXTERNAL is attempted on a non-SSL connection. #define LDAP_INAPPROPRIATE_AUTH 0x30 /* 48 */ LDAP_INAPPROPRIATE_MATCHING This result code indicates that an extensible match filter in a search request contained a matching rule that does not apply to the specified attribute type. #define LDAP_INAPPROPRIATE_MATCHING 0x12 /* 18 */ LDAP_INDEX_RANGE_ERROR This result code indicates that the search results exceeded the range specified by the requested offsets. This result code applies to search requests that contain virtual list view controls. #define LDAP_INDEX_RANGE_ERROR 0x3D /* 61 */ LDAP_INSUFFICIENT_ACCESS This result code indicates that the client has insufficient access to perform the operation. Check that the user you are authenticating as has the appropriate permissions. #define LDAP_INSUFFICIENT_ACCESS 0x32 /* 50 */ LDAP_INVALID_CREDENTIALS This result code indicates that the credentials provided in the request are invalid. &cnDirectoryServer; sends this result code back to the client if a bind request contains the incorrect credentials for a user or if a user’s password has already expired. #define LDAP_INVALID_CREDENTIALS 0x31 /* 49 */ LDAP_INVALID_DN_SYNTAX This result code indicates than an invalid DN has been specified. &cnDirectoryServer; sends this result code back to the client if an add request or a modify DN request specifies an invalid DN. It also sends this code when an LDAP_SASL_EXTERNAL bind is attempted but certification to DN mapping fails. #define LDAP_INVALID_DN_SYNTAX 0x22 /* 34 */ LDAP_INVALID_SYNTAX This result code indicates that the request contains invalid syntax. &cnDirectoryServer; sends this result code back to the client in the following situations: The server encounters an access control instruction (ACI) with invalid syntax. The request attempts to add or modify an aci attribute, and the value of the attribute is an ACI with invalid syntax. The request is a search request with a substring filter, and the syntax of the filter is invalid. The request is a modify request that is attempting to modify the schema, but no values are provided (for example, the request might be attempting to delete all values of the objectclass attribute). #define LDAP_INVALID_SYNTAX 0x15 /* 21 */ LDAP_IS_LEAF This result code indicates that the specified entry is a leaf entry. &cnDirectoryServer; does not currently send this result code back to LDAP clients. #define LDAP_IS_LEAF 0x23 /* 35 */ LDAP_LOCAL_ERROR This result code indicates that an error occurred in the LDAP client, though it may also be returned by &cnDirectoryServer;. #define LDAP_LOCAL_ERROR 0x52 /* 82 */ LDAP_LOOP_DETECT This result code indicates that the server was unable to perform the requested operation because of an internal loop. &cnDirectoryServer; does not currently send this result code back to LDAP clients. #define LDAP_LOOP_DETECT 0x36 /* 54 */ LDAP_MORE_RESULTS_TO_RETURN This result code indicates that there are more results in the chain of results. The &DirectorySDKForC; sets this result code when the ldap_parse_sasl_bind_result function is called to retrieve the result code of an operation, and additional result codes from the server are available in the LDAP structure. #define LDAP_MORE_RESULTS_TO_RETURN 0x5f /* 95 */ LDAP_NAMING_VIOLATION This result code indicates that the request violates the structure of the DIT. &cnDirectoryServer; does not currently send this result code back to LDAP clients. #define LDAP_NAMING_VIOLATION 0x40 /* 64 */ LDAP_NO_MEMORY This result code indicates that no memory is available. &DirectorySDKForC; sets this result code if a function cannot allocate memory (for example, when creating an LDAP request or an LDAP control). #define LDAP_NO_MEMORY 0x5a /* 90 */ LDAP_NO_OBJECT_CLASS_MODS This result code indicates that the request is attempting to modify an object class that should not be modified (for example, a structural object class). &cnDirectoryServer; does not currently send this result code back to LDAP clients. #define LDAP_NO_OBJECT_CLASS_MODS 0x45 /* 69 */ LDAP_NO_RESULTS_RETURNED This result code indicates that no results were returned from the server. The &DirectorySDKForC; sets this result code when the ldap_parse_result function is called but no result code is included in the server’s response. #define LDAP_NO_RESULTS_RETURNED 0x5E /* 94 */ LDAP_NO_SUCH_ATTRIBUTE This result code indicates that the specified attribute does not exist in the entry. &cnDirectoryServer; might send this result code back to the client if, for example, a modify request specifies the modification or removal of a non-existent attribute or if a compare request specifies a non-existent attribute. #define LDAP_NO_SUCH_ATTRIBUTE 0x10 /* 16 */ LDAP_NO_SUCH_OBJECT This result code indicates that the server cannot find an entry specified in the request. &cnDirectoryServer; sends this result code back to the client if it cannot find a requested entry and it cannot refer your client to another LDAP server. #define LDAP_NO_SUCH_OBJECT 0x20 /* 32 */ LDAP_NOT_ALLOWED_ON_NONLEAF This result code indicates that the requested operation is allowed only on entries that do not have child entries (leaf entries as opposed to branch entries). &cnDirectoryServer; sends this result code back to the client if the request is a delete request or a modify DN request and the entry is a parent entry. You cannot delete or move a branch of entries in a single operation. #define LDAP_NOT_ALLOWED_ON_NONLEAF 0x42 /* 66 */ LDAP_NOT_ALLOWED_ON_RDN This result code indicates that the requested operation will affect the RDN of the entry. &cnDirectoryServer; sends this result code back to the client if the request is a modify request that deletes attribute values from the entry that are used in the RDN of the entry. (For example, the request removes the attribute value uid=bjensen from the entry uid=bjensen,ou=People,dc=example,dc=com.) #define LDAP_NOT_ALLOWED_ON_RDN 0x43 /* 67 */ LDAP_NOT_SUPPORTED This result code indicates that the LDAP client is attempting to use functionality that is not supported. &DirectorySDKForC; sets this result code if the client identifies itself as an LDAP v2 client, and the client is attempting to use functionality available in LDAP v3. For example: You are passing LDAP controls to a function. You are calling ldap_extended_operation , ldap_extended_operation_s, or ldap_parse_extended_result to request an extended operation or to parse an extended response. You are calling ldap_rename or ldap_rename_s, and you are specifying a new superior DN as an argument. You are calling ldap_sasl_bind, ldap_sasl_bind_s, or ldap_parse_sasl_bind_result to request Simple Authentication and Security Layer (SASL) authentication or to parse a SASL bind response. You are calling ldap_parse_virtuallist_control to parse a virtual list control from the server’s response. If you want to use these features, make sure to specify that your LDAP client is an LDAP v3 client. #define LDAP_NOT_SUPPORTED 0x5c /* 92 */ LDAP_OBJECT_CLASS_VIOLATION This result code indicates that the request specifies a new entry or a change to an existing entry that does not comply with the server’s schema. &cnDirectoryServer; sends this result code back to the client in the following situations: The request is an add request, and the new entry does not comply with the schema. For example, the new entry does not have all the required attributes, or the entry has attributes that are not allowed in the entry. The request is a modify request, and the change will make the entry non compliant with the schema. For example, the change removes a required attribute or adds an attribute that is not allowed.Check the server error logs for more information, and the schema for the type of entry that you are adding or modifying. #define LDAP_OBJECT_CLASS_VIOLATION 0x41 /* 65 */ LDAP_OPERATIONS_ERROR This is a general result code indicating that an error has occurred. &cnDirectoryServer; might send this code if, for example, memory cannot be allocated on the server. To troubleshoot this type of error, check the server’s error logs. You may need to increase the log level of the server to get additional information. #define LDAP_OPERATIONS_ERROR 0x01 /* 1 */ LDAP_OTHER This result code indicates than an unknown error has occurred. This error may be returned by &cnDirectoryServer; when an error occurs that is not better described using another LDAP error code. When this error occurs, check the server's error logs. You may need to increase the log level of the server to get additional information. #define LDAP_OTHER 0x50 /* 80 */ LDAP_PARAM_ERROR This result code indicates that an invalid parameter was specified. &DirectorySDKForC; sets this result code if a function was called and invalid parameters were specified, for example, if the LDAP structure is NULL. #define LDAP_PARAM_ERROR 0x59 /* 89 */ LDAP_PARTIAL_RESULTS &cnDirectoryServer; sends this result code to LDAP v2 clients to refer them to another LDAP server. When sending this code to a client, the server includes a new line-delimited list of LDAP URLs that identifies another LDAP server. If the client identifies itself as an LDAP v3 client in the request, an LDAP_REFERRAL result code is sent instead of this result code. #define LDAP_PARTIAL_RESULTS 0x09 /* 9 */ LDAP_PROTOCOL_ERROR This result code indicates that the LDAP client’s request does not comply with the LDAP. &cnDirectoryServer; sends this result code back to the client in the following situations: The server cannot parse the incoming request. The request specifies an attribute type that uses a syntax not supported by the server. The request is a SASL bind request, but your client identifies itself as an LDAP v2 client. The request is a bind request that specifies an unsupported version of the LDAP. Make sure to specify whether your LDAP client is an LDAP v2 client or an LDAP v3 client. The request is an add or a modify request that specifies the addition of an attribute type to an entry, but no values are specified. The request is a modify request, and one of the following is true: An unknown modify operation is specified (an operation other than LDAP_MOD_ADD, LDAP_MOD_DELETE, and LDAP_MOD_REPLACE). No modifications are specified. The request is a modify DN request, and one of the following is true: The new RDN is not a valid RDN. A new superior DN is specified, but your client identifies itself as an LDAP v2 client. The request is a search request, and one of the following is true: An unknown scope is specified, meaning a scope other than LDAP_SCOPE_BASE , LDAP_SCOPE_ONELEVEL, or LDAP_SCOPE_SUBTREE . An unknown filter type is specified. The filter type LDAP_FILTER_GE or LDAP_FILTER_LE is specified, but the type of attribute contains values that cannot be ordered. (For example, if the attribute type uses a binary syntax, the values of the attribute contain binary data, which cannot be sorted.) The request contains an extensible filter (a filter using matching rules), but your client identifies itself as an LDAP v2 client. The request contains an extensible filter (a filter using matching rules), but the matching rule is not supported by the server. The request is a search request with a server-side sorting control, and one of the following is true: The server does not have a syntax plug-in that supports the attribute used for sorting. The syntax plug-in does not have a function for comparing values of the attribute. (This compare function is used for sorting.) The type of attribute specified for sorting contains values that cannot be sorted in any order. For example, if the attribute type uses a binary syntax, the values of the attribute contain binary data, which cannot be sorted. The server encounters an error when creating the sorting response control (the control to be sent back to the client). When sorting the results, the time limit or the look-through limit is exceeded. The look-through limit is the maximum number of entries that the server will check when gathering a list of potential search result candidates. The request is an extended operation request, and the server does not support the extended operation. In &cnDirectoryServer;, extended operations are supported through extended operation server plug-ins. Make sure that the server is loading a plug-in that supports the extended operation. Check the OID of the extended operation in your LDAP client to make sure that it matches the OID of the extended operation registered in the server plug-in. An authentication method other than LDAP_AUTH_SIMPLE or LDAP_AUTH_SASL is specified.To troubleshoot this type of error, check the server’s error logs. You may need to increase the log level of the server to get additional information. #define LDAP_PROTOCOL_ERROR 0x02 /* 2 */ LDAP_REFERRAL This result code indicates that the server is referring the client to another LDAP server. When sending this code to a client, the server includes a list of LDAP URLs that identify another LDAP server. This result code is part of the LDAP v3. For LDAP v2 clients, &cnDirectoryServer; sends an LDAP_PARTIAL_RESULTS result code instead. #define LDAP_REFERRAL 0x0a /* 10 */ LDAP_REFERRAL_LIMIT_EXCEEDED This result code indicates that the referral hop limit was exceeded. &DirectorySDKForC; sets this result code, when following referrals, if the client is referred to other servers more times than allowed by the referral hop limit. #define LDAP_REFERRAL_LIMIT_EXCEEDED 0x61 /* 97 */ LDAP_RESULTS_TOO_LARGE This result code indicates that the results of the request are too large. &cnDirectoryServer; does not currently send this result code back to LDAP clients. #define LDAP_RESULTS_TOO_LARGE 0x46 /* 70 */ LDAP_SASL_BIND_IN_PROGRESS This result code is used in multi stage SASL bind operations. The server sends this result code back to the client to indicate that the authentication process has not yet completed. #define LDAP_SASL_BIND_IN_PROGRESS 0x0E /* 14 */ LDAP_SERVER_DOWN This result code indicates that &DirectorySDKForC; cannot establish a connection with, or lost the connection to, the LDAP server. If you have not established an initial connection with the server, verify that you have specified the correct host name and port number and that the server is running. #define LDAP_SERVER_DOWN 0x51 /* 81 */ LDAP_SIZELIMIT_EXCEEDED This result code indicates that the maximum number of search results to return has been exceeded. This limit is specified in the search request. If you specify no size limit, the server will set one. When working with &cnDirectoryServer;, keep in mind the following: If you are bound as the root DN and specify no size limit, the server enforces no size limit at all. If you are not bound as the root DN and specify no size limit, the server sets the size limit to the value specified by the sizelimit directive in the server’s slapd.conf configuration file. If the size limit that you specify exceeds the value specified by the sizelimit directive in the server’s slapd.conf configuration file, the server uses the size limit specified in the configuration file. #define LDAP_SIZELIMIT_EXCEEDED 0x04 /* 4 */ LDAP_SORT_CONTROL_MISSING This result code indicates that server did not receive a required server-side sorting control. &cnDirectoryServer; sends this result code back to the client if the server receives a search request with a virtual list view control but no server-side sorting control as the virtual list view control requires a server-side sorting control. #define LDAP_SORT_CONTROL_MISSING 0x3C /* 60 */ LDAP_STRONG_AUTH_NOT_SUPPORTED This result code is returned as the result of a bind operation. It indicates that the server does not recognize or support the specified authentication method. #define LDAP_STRONG_AUTH_NOT_SUPPORTED 0x07 /* 7 */ LDAP_STRONG_AUTH_REQUIRED This result code indicates that a stronger method of authentication is required to perform the operation. #define LDAP_STRONG_AUTH_REQUIRED 0x08 /* 8 */ LDAP_SUCCESS This result code indicates that the LDAP operation was successful. #define LDAP_SUCCESS 0x00 /* 0 */ LDAP_TIMELIMIT_EXCEEDED This result code indicates that the time limit on a search operation has been exceeded. The time limit is specified in the search request. If you specify no time limit, the server will set one. When working with &cnDirectoryServer;, keep in mind the following: If you are bound as the root DN and specify no time limit, the server enforces no limit at all. If you are not bound as the root DN and specify no time limit, the server sets the time limit. If the time limit that you specify exceeds the time limit specified for the server configuration, the server uses the time limit specified in its configuration. #define LDAP_TIMELIMIT_EXCEEDED 0x03 /* 3 */ LDAP_TIMEOUT This result code indicates that the LDAP client timed out while waiting for a response from the server. &DirectorySDKForC; sets this result code in the LDAP structure if the time-out period (for example, in a search request) has been exceeded and the server has not responded. #define LDAP_TIMEOUT 0x55 /* 85 */ LDAP_TYPE_OR_VALUE_EXISTS This result code indicates that the request attempted to add an attribute type or value that already exists. &cnDirectoryServer; sends this result code back to the client in the following situations: The request attempts to add values that already exist in the attribute. The request is adding an attribute to the schema of the server, but the OID of the attribute is already used by an object class in the schema. The request is adding an object class to the schema of the server, and one of the following occurs: The object class already exists. The OID of the object class is already used by another object class or an attribute in the schema. The superior object class for this new object class does not exist. #define LDAP_TYPE_OR_VALUE_EXISTS 0x14 /* 20 */ LDAP_UNAVAILABLE This result code indicates that the server is unavailable to perform the requested operation. At this point, neither &DirectorySDKForC; nor &cnDirectoryServer; return this result code. #define LDAP_UNAVAILABLE 0x34 /* 52 */ LDAP_UNAVAILABLE_CRITICAL_EXTENSION This result code indicates that the specified control or matching rule is not supported by the server. &cnDirectoryServer; might send back this result code if the request includes an unsupported control or if the filter in the search request specifies an unsupported matching rule. #define LDAP_UNAVAILABLE_CRITICAL_EXTENSION 0x0c /* 12 */ LDAP_UNDEFINED_TYPE This result code indicates that the request specifies an undefined attribute type. &cnDirectoryServer; does not currently send this result code back to LDAP clients. #define LDAP_UNDEFINED_TYPE 0x11 /* 17 */ LDAP_UNWILLING_TO_PERFORM This result code indicates that the server is unwilling to perform the requested operation. &cnDirectoryServer; sends this result code back to the client in the following situations: The client has logged in for the first time and needs to change its password, but the client is requesting to perform other LDAP operations. In this situation, the result code is accompanied by an expired password control. The request is a modify DN request, and a superior DN is specified. The database is in read-only mode, and the request attempts to write to the directory. The request is a delete request that attempts to delete the root DSE. The request is a modify DN request that attempts to modify the DN of the root DSE. The request is a modify request to modify the schema entry, and one of the following occurs: The operation is LDAP_MOD_REPLACE. (The server does not allow you to replace schema entry attributes.) The request attempts to delete an object class that is the parent of another object class. The request attempts to delete a read-only object class or attribute. The server uses a database plug-in that does not implement the operation specified in the request. For example, if the database plug-in does not implement the add operation, sending an add request will return this result code. #define LDAP_UNWILLING_TO_PERFORM 0x35 /* 53 */ LDAP_USER_CANCELLED This result code indicates that the user cancelled the LDAP operation. &cnDirectoryServer; does not currently send this result code back to LDAP clients. #define LDAP_USER_CANCELLED 0x58 /* 88 */