Microsoft LDAP 錯誤代碼 (2007-08-18 23:11)

 

http://support.microsoft.com/kb/218185/

Microsoft Windows 2000 Active Directory 使用 Internet 標準的羽量級目錄訪問協定 (LDAP) 來訪問資訊。在回應各種 LDAP 請求時,網域控制站會返回包含域 LDAP 錯誤代碼的回應,這些錯誤代碼指示協定操作的狀態。本文將介紹這些錯誤代碼。

 

下表描述了這些錯誤代碼。

代碼                               值      說明

---------------------------------------------------------------------------

LDAP_SUCCESS                      0x00   請求成功。

LDAP_OPERATIONS_ERROR             0x01   LDAP 庫初始化失敗。

LDAP_PROTOCOL_ERROR               0x02   出現協定錯誤。

LDAP_TIMELIMIT_EXCEEDED           0x03   超出時間限制。

LDAP_SIZELIMIT_EXCEEDED           0x04   超出大小限制。

LDAP_COMPARE_FALSE                0x05   比較結果為 FALSE。

LDAP_COMPARE_TRUE                 0x06   比較結果為 TRUE。

LDAP_AUTH_METHOD_NOT_SUPPORTED    0x07   不支援此身份驗證方法。

LDAP_STRONG_AUTH_REQUIRED         0x08   需要加強的身份驗證。

LDAP_REFERRAL_V2                  0x09   LDAP 版本 2 檢索。

LDAP_PARTIAL_RESULTS              0x09   接收到部分結果和檢索。

LDAP_REFERRAL                     0x0a   出現檢索。

LDAP_ADMIN_LIMIT_EXCEEDED         0x0b   超出伺服器上的管理限制。

LDAP_UNAVAILABLE_CRIT_EXTENSION   0x0c   沒有精密擴展。

LDAP_CONFIDENTIALITY_REQUIRED     0x0d   需要保密。

LDAP_NO_SUCH_ATTRIBUTE            0x10   請求的屬性不存在。

LDAP_UNDEFINED_TYPE               0x11   類型未定義。

LDAP_INAPPROPRIATE_MATCHING       0x12   出現不適當的匹配。

LDAP_CONSTRAINT_VIOLATION         0x13   出現約束衝突。

LDAP_ATTRIBUTE_OR_VALUE_EXISTS    0x14   屬性已存在或已被賦值。

LDAP_INVALID_SYNTAX               0x15   語法無效。

LDAP_NO_SUCH_OBJECT               0x20   對象不存在。

ld_matched 在LDAP_NO_SUCH_OBJECT

錯誤返回事件中,這個參數包含DN匹配的程度;

LDAP_ALIAS_PROBLEM                0x21   別名無效。

LDAP_INVALID_DN_SYNTAX            0x22   辨別名的語法無效。

LDAP_IS_LEAF                      0x23   該物件為葉物件。

LDAP_ALIAS_DEREF_PROBLEM          0x24   無法取消對別名的引用。

LDAP_INAPPROPRIATE_AUTH           0x30   身份驗證不正確。

LDAP_INVALID_CREDENTIALS          0x31   提供的憑據無效。

LDAP_INSUFFICIENT_RIGHTS          0x32   用戶無足夠的存取權限。

LDAP_BUSY                         0x33   伺服器忙。

LDAP_UNAVAILABLE                  0x34   伺服器不可用。

LDAP_UNWILLING_TO_PERFORM         0x35   伺服器不處理目錄請求。

LDAP_LOOP_DETECT                  0x36   引用鏈迴圈回至引用伺服器。

LDAP_NAMING_VIOLATION             0x40   存在命名衝突。

LDAP_OBJECT_CLASS_VIOLATION       0x41   存在物件類別衝突。

LDAP_NOT_ALLOWED_ON_NONLEAF       0x42   不允許在非葉物件上操作。

LDAP_NOT_ALLOWED_ON_RDN           0x43   不允許在 RDN 上操作。

LDAP_ALREADY_EXISTS               0x44   對象已存在。

LDAP_NO_OBJECT_CLASS_MODS         0x45   無法修改物件類別。

LDAP_RESULTS_TOO_LARGE            0x46   返回的結果太大。

LDAP_AFFECTS_MULTIPLE_DSAS        0x47   多個目錄服務代理受到影響。

LDAP_OTHER                        0x50   出現未知錯誤。

LDAP_SERVER_DOWN                  0x51   無法聯繫 LDAP 伺服器。

LDAP_LOCAL_ERROR                  0x52   出現本地錯誤。

LDAP_ENCODING_ERROR               0x53   出現編碼錯誤。

LDAP_DECODING_ERROR               0x54   出現解碼錯誤。

LDAP_TIMEOUT                      0x55   搜索超時。

LDAP_AUTH_UNKNOWN                 0x56   出現未知的身份驗證錯誤。

LDAP_FILTER_ERROR                 0x57   搜索篩選器不正確。

LDAP_USER_CANCELLED               0x58   用戶已取消操作。

LDAP_PARAM_ERROR                  0x59   傳遞給常式的參數不正確。

LDAP_NO_MEMORY                    0x5a   系統記憶體不足。

LDAP_CONNECT_ERROR                0x5b   無法建立到伺服器的連接。

LDAP_NOT_SUPPORTED                0x5c   不支援此功能。

LDAP_CONTROL_NOT_FOUND            0x5d   ldap 函數找不到指定控制項。

LDAP_NO_RESULTS_RETURNED          0x5e   不支援此功能。

LDAP_MORE_RESULTS_TO_RETURN       0x5f   將返回其他結果。

LDAP_CLIENT_LOOP                  0x60   檢測到客戶迴圈。

LDAP_REFERRAL_LIMIT_EXCEEDED      0x61   超出檢索限制。

LDAP_SASL_BIND_IN_PROGRESS        0x0E   多階段綁定的中間綁定結果

 


這篇文章中的資訊適用於:

? Microsoft Windows 2000 Server
? Microsoft Windows 2000 Advanced Server
? Microsoft Windows 2000 Datacenter Server

詳細的英文解釋:

藍色是我的翻譯,紅色是不能確定的翻譯文字,黑色嘛,是原文。

Hex Decimal Constant: Description
0×00 0 LDAP_SUCCESS: Indicates the requested client operation completed successfully.
成功,沒什麼好說的了。
0×01 1 LDAP_OPERATIONS_ERROR: Indicates an internal error. The server is unable to respond with a more specific error and is also unable to properly respond to a request. It does not indicate that the client has sent an erroneous message.
一個內部錯誤。Server無法正確的 respond 一個request,也無法生成說明錯誤類型的 respond 。它不代表client 發送了錯誤的消息。 In NDS 8.3x through NDS 7.xx, this was the default error for NDS errors that did not map to an LDAP error code. To conform to the new LDAP drafts, NDS 8.5 uses 80 (0×50) for such errors.
In NDS 8.3x through NDS 7.xx, 這是一個沒有映射到 LDAP錯誤碼的NDS缺省錯誤。為了符合新的 LDAP草案,NDS 8.5使用80 (0×50) 代表這個錯誤。
0×02 2 LDAP_PROTOCOL_ERROR: Indicates that the server has received an invalid or malformed request from the client.
Server 從 client 收到了一個無效的或者格式不正確的request 。
0×03 3 LDAP_TIMELIMIT_EXCEEDED: Indicates that the operation’s time limit specified by either the client or the server has been exceeded. On search operations, incomplete results are returned.
超出了 Server或者Client指定的時間限制。當進行 serach的時候,返回不完全的結果。
0×04 4 LDAP_SIZELIMIT_EXCEEDED: Indicates that in a search operation, the size limit specified by the client or the server has been exceeded. Incomplete results are returned.
在查詢的時候,超出了Server或者 Client指定的size限制。返回不完全的結果。
0×05 5 LDAP_COMPARE_FALSE: Does not indicate an error condition. Indicates that the results of a compare operation are false.
不是錯誤狀態。表示比較操作的結果是 false 。
0×06 6 LDAP_COMPARE_TRUE: Does not indicate an error condition. Indicates that the results of a compare operation are true.
不是錯誤狀態。表示比較操作的結果是 true 。
0×07 7 LDAP_AUTH_METHOD_NOT_SUPPORTED: Indicates that during a bind operation the client requested an authentication method not supported by the LDAP server.
當進行bind操作時, client指定的認證方式不被LDAP Server支援。
0×08 8 LDAP_STRONG_AUTH_REQUIRED: Indicates one of the following:

 

  • In bind requests, the LDAP server accepts only strong authentication.
  • In a client request, the client requested an operation such as delete that requires strong authentication.
  • In an unsolicited notice of disconnection, the LDAP server discovers the security protecting the communication between the client and server has unexpectedly failed or been compromised.

代表下列情況之一:

0×09 9 Reserved.
保留的
0×0A 10 LDAP_REFERRAL: Does not indicate an error condition. In LDAPv3, indicates that the server does not hold the target entry of the request, but that the servers in the referral field may.
不是錯誤狀態。在LDAPv3 中,代表Server無法得到請求的Entry 目標,但是可以介紹一個可能得到的域(field)。
0×0B 11 LDAP_ADMINLIMIT_EXCEEDED: Indicates that an LDAP server limit set by an administrative authority has been exceeded.
LDAP Server 的被許可權管理指定的有限集合被超出。
0×0C 12 LDAP_UNAVAILABLE_CRITICAL_EXTENSION: Indicates that the LDAP server was unable to satisfy a request because one or more critical extensions were not available. Either the server does not support the control or the control is not appropriate for the operation type.
LDAP Server不支持的request ,因為一個或者多個重要的擴展是不允許的。Server 不支持的Control或者Control 對於操作是不恰當的。
0×0D 13 LDAP_CONFIDENTIALITY_REQUIRED: Indicates that the session is not protected by a protocol such as Transport Layer Security (TLS), which provides session confidentiality.
Session沒有被諸如Transport Layer Security (TLS) 之類的協議保護,無法提供Session機密性。
0×0E 14 LDAP_SASL_BIND_IN_PROGRESS: Does not indicate an error condition, but indicates that the server is ready for the next step in the process. The client must send the server the same SASL mechanism to continue the process.
不是錯誤狀態,代表Server已經為 process的下一步做好了準備。Client必須發送相同的 SASL給Server以繼續process 。
0×0F 15 Not used.
未使用。
0×10 16 LDAP_NO_SUCH_ATTRIBUTE: Indicates that the attribute specified in the modify or compare operation does not exist in the entry.
在modify或者 compare操作中指定的屬性,在指定Entry中不存在。
0×11 17 LDAP_UNDEFINED_TYPE: Indicates that the attribute specified in the modify or add operation does not exist in the LDAP server’s schema.
在modify或者 add操作中指定的屬性,在LDAP Server的 Schema中不存在。
0×12 18 LDAP_INAPPROPRIATE_MATCHING: Indicates that the matching rule specified in the search filter does not match a rule defined for the attribute’s syntax.
在Search Filter 中指定的 rule不能和syntax中的rule 定義匹配。
0×13 19 LDAP_CONSTRAINT_VIOLATION: Indicates that the attribute value specified in a modify, add, or modify DN operation violates constraints placed on the attribute. The constraint can be one of size or content (string only, no binary).
在modify、 add或者modify DN 操作中指定的屬性值,觸犯了屬性中的限制。那些限制是內容長度或者內容只能是String,不能是binary 等。
0×14 20 LDAP_TYPE_OR_VALUE_EXISTS: Indicates that the attribute value specified in a modify or add operation already exists as a value for that attribute.
在modify或者 add操作中指定的屬性值,在屬性中已經存在了。
0×15 21 LDAP_INVALID_SYNTAX: Indicates that the attribute value specified in an add, compare, or modify operation is an unrecognized or invalid syntax for the attribute.
在add、 compare或者modify 操作中指定的屬性值,是不認識或者無效的 syntax 。
  22-31 Not used.
未使用。
0×20 32 LDAP_NO_SUCH_OBJECT: Indicates the target object cannot be found. This code is not returned on following operations:

 

  • Search operations that find the search base but cannot find any entries that match the search filter.
  • Bind operations.

無法找到目標Object 。在以下操作中不返回這個代碼:

  • Search操作中沒有找到任何匹配serach filter 的entry。
  • Bind操作。
0×21 33 LDAP_ALIAS_PROBLEM: Indicates that an error occurred when an alias was dereferenced.
當一個別名被覆引用時發生錯誤。
0×22 34 LDAP_INVALID_DN_SYNTAX: Indicates that the syntax of the DN is incorrect. (If the DN syntax is correct, but the LDAP server’s structure rules do not permit the operation, the server returns LDAP_UNWILLING_TO_PERFORM.)
DN的句法不對。( 如果DN句法正確,但是LDAP Server 的結構規則不許可這個操作,Server返回LDAP_UNWILLING_TO_PERFORM 。 )
0×23 35 LDAP_IS_LEAF: Indicates that the specified operation cannot be performed on a leaf entry. (This code is not currently in the LDAP specifications, but is reserved for this constant.)
指定的操作不能被實施于一個葉子Entry 上。( 這個錯誤碼不在當前的LDAP 規範中,但是這個常數為此而保留。 )
0×24 36 LDAP_ALIAS_DEREF_PROBLEM: Indicates that during a search operation, either the client does not have access rights to read the aliased object’s name or dereferencing is not allowed.
在search 操作中, client無權讀別名了的 物件名或者間接引用是不被許可的。
  37-47 Not used.
未使用。
0×30 48 LDAP_INAPPROPRIATE_AUTH: Indicates that during a bind operation, the client is attempting to use an authentication method that the client cannot use correctly. For example, either of the following cause this error:

 

  • The client returns simple credentials when strong credentials are required.
  • The client returns a DN and a password for a simple bind when the entry does not have a password defined.

當bind操作過程中, client試圖使用不正確的認證方式。例如,以下情況造成這個error:

  • Client返回簡單認證當需要strong credentials 的時候。
  • Client返回 DN和密碼為了簡單認證,但是 entry沒有定義密碼。
0×31 49 LDAP_INVALID_CREDENTIALS: Indicates that during a bind operation one of the following occurred:

 

  • The client passed either an incorrect DN or password.
  • The password is incorrect because it has expired, intruder detection has locked the account, or some other similar reason.

當bind操作過程中發生以下情況:

  • Client傳送不正確的DN或者 password 。
  • 密碼不正確,因為它過期了,入侵偵測鎖住了帳號,或者其他類似原因。
0×32 50 LDAP_INSUFFICIENT_ACCESS: Indicates that the caller does not have sufficient rights to perform the requested operation.
調用者沒有足夠的許可權執行請求的操作。
0×33 51 LDAP_BUSY: Indicates that the LDAP server is too busy to process the client request at this time but if the client waits and resubmits the request, the server may be able to process it then.
LDAP Server太忙以至於無法處理client 的請求,但是如果client等待然後重新提交請求,Server 可能會處理。
0×34 52 LDAP_UNAVAILABLE: Indicates that the LDAP server cannot process the client’s bind request, usually because it is shutting down.
LDAP Server不能處理client 的bind請求,通常是因為它down 機了。
0×35 53 LDAP_UNWILLING_TO_PERFORM: Indicates that the LDAP server cannot process the request because of server-defined restrictions. This error is returned for the following reasons:

 

  • The add entry request violates the server’s structure rules.
  • The modify attribute request specifies attributes that users cannot modify.
  • Password restrictions prevent the action.
  • Connection restrictions prevent the action.

LDAP Server不能處理request ,因為Server定義的限制。
這個錯誤在以下原因下發生:

0×36 54 LDAP_LOOP_DETECT: Indicates that the client discovered an alias or referral loop, and is thus unable to complete this request.
client 發現一個別名或者引用是迴圈的,導致這個request 無法完成。
  55-63 Not used.
未使用。
0×40 64 LDAP_NAMING_VIOLATION: Indicates that the add or modify DN operation violates the schema’s structure rules. For example,

 

  • The request places the entry subordinate to an alias.
  • The request places the entry subordinate to a container that is forbidden by the containment rules.
  • The RDN for the entry uses a forbidden attribute type.

在 add或者 modify DN操作中違反Schema的結構規則。例如:

  • 請求放置entry在別名下
  • 請求放置entry在被包含規則禁止的容器中
  • Entry的RDN使用了禁止的屬性類型
0×41 65 LDAP_OBJECT_CLASS_VIOLATION: Indicates that the add, modify, or modify DN operation violates the object class rules for the entry. For example, the following types of request return this error:

 

  • The add or modify operation tries to add an entry without a value for a required attribute.
  • The add or modify operation tries to add an entry with a value for an attribute which the class definition does not contain.
  • The modify operation tries to remove a required attribute without removing the auxiliary class that defines the attribute as required.

在 add、 modify或者modify DN操作中違反 entry的object class規則。例如,下面類型的 request導致這個錯誤:

0×42 66 LDAP_NOT_ALLOWED_ON_NONLEAF: Indicates that the requested operation is permitted only on leaf entries. For example, the following types of requests return this error:

 

  • The client requests a delete operation on a parent entry.
  • The client request a modify DN operation on a parent entry.

請求的操作只允許在葉子entry上執行。例如下面類型的 request導致這個錯誤:

0×43 67 LDAP_NOT_ALLOWED_ON_RDN: Indicates that the modify operation attempted to remove an attribute value that forms the entry’s relative distinguished name.
modify操作試圖刪除關聯著DN 的屬性值。
0×44 68 LDAP_ALREADY_EXISTS: Indicates that the add operation attempted to add an entry that already exists, or that the modify operation attempted to rename an entry to the name of an entry that already exists.
add操作試圖加一個已經存在的Entry ,或者modify操作試圖重命名Entry 為一個已經存在的entry的名字。
0×45 69 LDAP_NO_OBJECT_CLASS_MODS: Indicates that the modify operation attempted to modify the structure rules of an object class.
modify操作試圖改變object class 的結構規則。
0×46 70 LDAP_RESULTS_TOO_LARGE: Reserved for CLDAP.
為CLDAP保留。
0×47 71 LDAP_AFFECTS_MULTIPLE_DSAS: Indicates that the modify DN operation moves the entry from one LDAP server to another and thus requires more than one LDAP server.
modify DN的操作移動Entry 從一個LDAP Server到另一個,造成需要超過一個LDAP Server 。
  72-79 Not used.
未使用
0×50 80 LDAP_OTHER: Indicates an unknown error condition. This is the default value for NDS error codes which do not map to other LDAP error codes.
一個未知的error狀態。這是 NDS中沒有映射到其他LDAP錯誤碼上的錯誤碼的缺省值。

By admin

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *

這個網站採用 Akismet 服務減少垃圾留言。進一步了解 Akismet 如何處理網站訪客的留言資料