Junky's IT Notebook

统计

留言簿(8)

积分与排名

WebSphere Studio

阅读排行榜

评论排行榜

Microsoft LDAP 错误代码

http://support.microsoft.com/kb/218185/

Microsoft Windows 2000 Active Directory 使用 Internet 标准的轻量级目录访问协议 (LDAP) 来访问信息。在响应各种 LDAP 请求时,域控制器会返回包含域 LDAP 错误代码的响应,这些错误代码指示协议操作的状态。本文将介绍这些错误代码。


下表描述了这些错误代码。
     代码                               值      说明
---------------------------------------------------------------------------
LDAP_SUCCESS                      0x00   请求成功。
LDAP_OPERATIONS_ERROR             0x01   LDAP 库初始化失败。
LDAP_PROTOCOL_ERROR               0x02   出现协议错误。
LDAP_TIMELIMIT_EXCEEDED           0x03   超出时间限制。
LDAP_SIZELIMIT_EXCEEDED           0x04   超出大小限制。
LDAP_COMPARE_FALSE                0x05   比较结果为 FALSE。
LDAP_COMPARE_TRUE                 0x06   比较结果为 TRUE。
LDAP_AUTH_METHOD_NOT_SUPPORTED    0x07   不支持此身份验证方法。
LDAP_STRONG_AUTH_REQUIRED         0x08   需要加强的身份验证。
LDAP_REFERRAL_V2                  0x09   LDAP 版本 2 检索。
LDAP_PARTIAL_RESULTS              0x09   接收到部分结果和检索。
LDAP_REFERRAL                     0x0a   出现检索。
LDAP_ADMIN_LIMIT_EXCEEDED         0x0b   超出服务器上的管理限制。
LDAP_UNAVAILABLE_CRIT_EXTENSION   0x0c   没有精密扩展。
LDAP_CONFIDENTIALITY_REQUIRED     0x0d   需要保密。
LDAP_NO_SUCH_ATTRIBUTE            0x10   请求的属性不存在。
LDAP_UNDEFINED_TYPE               0x11   类型未定义。
LDAP_INAPPROPRIATE_MATCHING       0x12   出现不适当的匹配。
LDAP_CONSTRAINT_VIOLATION         0x13   出现约束冲突。
LDAP_ATTRIBUTE_OR_VALUE_EXISTS    0x14   属性已存在或已被赋值。
LDAP_INVALID_SYNTAX               0x15   语法无效。
LDAP_NO_SUCH_OBJECT               0x20   对象不存在。
ld_matched 在LDAP_NO_SUCH_OBJECT
错误返回事件中,这个参数包含DN匹配的程度; LDAP_ALIAS_PROBLEM 0x21 别名无效。 LDAP_INVALID_DN_SYNTAX 0x22 辨别名的语法无效。 LDAP_IS_LEAF 0x23 该对象为叶对象。 LDAP_ALIAS_DEREF_PROBLEM 0x24 无法取消对别名的引用。 LDAP_INAPPROPRIATE_AUTH 0x30 身份验证不正确。 LDAP_INVALID_CREDENTIALS 0x31 提供的凭据无效。 LDAP_INSUFFICIENT_RIGHTS 0x32 用户无足够的访问权限。 LDAP_BUSY 0x33 服务器忙。 LDAP_UNAVAILABLE 0x34 服务器不可用。 LDAP_UNWILLING_TO_PERFORM 0x35 服务器不处理目录请求。 LDAP_LOOP_DETECT 0x36 引用链循环回至引用服务器。 LDAP_NAMING_VIOLATION 0x40 存在命名冲突。 LDAP_OBJECT_CLASS_VIOLATION 0x41 存在对象类别冲突。 LDAP_NOT_ALLOWED_ON_NONLEAF 0x42 不允许在非叶对象上操作。 LDAP_NOT_ALLOWED_ON_RDN 0x43 不允许在 RDN 上操作。 LDAP_ALREADY_EXISTS 0x44 对象已存在。 LDAP_NO_OBJECT_CLASS_MODS 0x45 无法修改对象类别。 LDAP_RESULTS_TOO_LARGE 0x46 返回的结果太大。 LDAP_AFFECTS_MULTIPLE_DSAS 0x47 多个目录服务代理受到影响。 LDAP_OTHER 0x50 出现未知错误。 LDAP_SERVER_DOWN 0x51 无法联系 LDAP 服务器。 LDAP_LOCAL_ERROR 0x52 出现本地错误。 LDAP_ENCODING_ERROR 0x53 出现编码错误。 LDAP_DECODING_ERROR 0x54 出现解码错误。 LDAP_TIMEOUT 0x55 搜索超时。 LDAP_AUTH_UNKNOWN 0x56 出现未知的身份验证错误。 LDAP_FILTER_ERROR 0x57 搜索筛选器不正确。 LDAP_USER_CANCELLED 0x58 用户已取消操作。 LDAP_PARAM_ERROR 0x59 传递给例程的参数不正确。 LDAP_NO_MEMORY 0x5a 系统内存不足。 LDAP_CONNECT_ERROR 0x5b 无法建立到服务器的连接。 LDAP_NOT_SUPPORTED 0x5c 不支持此功能。 LDAP_CONTROL_NOT_FOUND 0x5d ldap 函数找不到指定控件。 LDAP_NO_RESULTS_RETURNED 0x5e 不支持此功能。 LDAP_MORE_RESULTS_TO_RETURN 0x5f 将返回其他结果。 LDAP_CLIENT_LOOP 0x60 检测到客户循环。 LDAP_REFERRAL_LIMIT_EXCEEDED 0x61 超出检索限制。 LDAP_SASL_BIND_IN_PROGRESS 0x0E 多阶段绑定的中间绑定结果

这篇文章中的信息适用于:
? Microsoft Windows 2000 Server
? Microsoft Windows 2000 Advanced Server
? Microsoft Windows 2000 Datacenter Server
详细的英文解释:

蓝色是我的翻译,红色是不能确定的翻译文字,黑色嘛,是原文。

Hex Decimal Constant: Description
0×00 0 LDAP_SUCCESS: Indicates the requested client operation completed successfully.
成功,没什么好说的了。
0×01 1 LDAP_OPERATIONS_ERROR: Indicates an internal error. The server is unable to respond with a more specific error and is also unable to properly respond to a request. It does not indicate that the client has sent an erroneous message.
一个内部错误。Server无法正确的 respond 一个request,也无法生成说明错误类型的 respond 。它不代表client 发送了错误的消息。 In NDS 8.3x through NDS 7.xx, this was the default error for NDS errors that did not map to an LDAP error code. To conform to the new LDAP drafts, NDS 8.5 uses 80 (0×50) for such errors.
In NDS 8.3x through NDS 7.xx, 这是一个没有映射到 LDAP错误码的NDS缺省错误。为了符合新的 LDAP草案,NDS 8.5使用80 (0×50) 代表这个错误。
0×02 2 LDAP_PROTOCOL_ERROR: Indicates that the server has received an invalid or malformed request from the client.
Server 从 client 收到了一个无效的或者格式不正确的request 。
0×03 3 LDAP_TIMELIMIT_EXCEEDED: Indicates that the operation’s time limit specified by either the client or the server has been exceeded. On search operations, incomplete results are returned.
超出了 Server或者Client指定的时间限制。当进行 serach的时候,返回不完全的结果。
0×04 4 LDAP_SIZELIMIT_EXCEEDED: Indicates that in a search operation, the size limit specified by the client or the server has been exceeded. Incomplete results are returned.
在查询的时候,超出了Server或者 Client指定的size限制。返回不完全的结果。
0×05 5 LDAP_COMPARE_FALSE: Does not indicate an error condition. Indicates that the results of a compare operation are false.
不是错误状态。表示比较操作的结果是 false 。
0×06 6 LDAP_COMPARE_TRUE: Does not indicate an error condition. Indicates that the results of a compare operation are true.
不是错误状态。表示比较操作的结果是 true 。
0×07 7 LDAP_AUTH_METHOD_NOT_SUPPORTED: Indicates that during a bind operation the client requested an authentication method not supported by the LDAP server.
当进行bind操作时, client指定的认证方式不被LDAP Server支持。
0×08 8 LDAP_STRONG_AUTH_REQUIRED: Indicates one of the following:

  • In bind requests, the LDAP server accepts only strong authentication.
  • In a client request, the client requested an operation such as delete that requires strong authentication.
  • In an unsolicited notice of disconnection, the LDAP server discovers the security protecting the communication between the client and server has unexpectedly failed or been compromised.

代表下列情况之一:

0×09 9 Reserved.
保留的
0×0A 10 LDAP_REFERRAL: Does not indicate an error condition. In LDAPv3, indicates that the server does not hold the target entry of the request, but that the servers in the referral field may.
不是错误状态。在LDAPv3 中,代表Server无法得到请求的Entry 目标,但是可以介绍一个可能得到的域(field)
0×0B 11 LDAP_ADMINLIMIT_EXCEEDED: Indicates that an LDAP server limit set by an administrative authority has been exceeded.
LDAP Server 的被权限管理指定的有限集合被超出。
0×0C 12 LDAP_UNAVAILABLE_CRITICAL_EXTENSION: Indicates that the LDAP server was unable to satisfy a request because one or more critical extensions were not available. Either the server does not support the control or the control is not appropriate for the operation type.
LDAP Server不支持的request ,因为一个或者多个重要的扩展是不允许的。Server 不支持的Control或者Control 对于操作是不恰当的。
0×0D 13 LDAP_CONFIDENTIALITY_REQUIRED: Indicates that the session is not protected by a protocol such as Transport Layer Security (TLS), which provides session confidentiality.
Session没有被诸如Transport Layer Security (TLS) 之类的协议保护,无法提供Session机密性。
0×0E 14 LDAP_SASL_BIND_IN_PROGRESS: Does not indicate an error condition, but indicates that the server is ready for the next step in the process. The client must send the server the same SASL mechanism to continue the process.
不是错误状态,代表Server已经为 process的下一步做好了准备。Client必须发送相同的 SASL给Server以继续process 。
0×0F 15 Not used.
未使用。
0×10 16 LDAP_NO_SUCH_ATTRIBUTE: Indicates that the attribute specified in the modify or compare operation does not exist in the entry.
在modify或者 compare操作中指定的属性,在指定Entry中不存在。
0×11 17 LDAP_UNDEFINED_TYPE: Indicates that the attribute specified in the modify or add operation does not exist in the LDAP server’s schema.
在modify或者 add操作中指定的属性,在LDAP Server的 Schema中不存在。
0×12 18 LDAP_INAPPROPRIATE_MATCHING: Indicates that the matching rule specified in the search filter does not match a rule defined for the attribute’s syntax.
在Search Filter 中指定的 rule不能和syntax中的rule 定义匹配。
0×13 19 LDAP_CONSTRAINT_VIOLATION: Indicates that the attribute value specified in a modify, add, or modify DN operation violates constraints placed on the attribute. The constraint can be one of size or content (string only, no binary).
在modify、 add或者modify DN 操作中指定的属性值,触犯了属性中的限制。那些限制是内容长度或者内容只能是String,不能是binary 等。
0×14 20 LDAP_TYPE_OR_VALUE_EXISTS: Indicates that the attribute value specified in a modify or add operation already exists as a value for that attribute.
在modify或者 add操作中指定的属性值,在属性中已经存在了。
0×15 21 LDAP_INVALID_SYNTAX: Indicates that the attribute value specified in an add, compare, or modify operation is an unrecognized or invalid syntax for the attribute.
在add、 compare或者modify 操作中指定的属性值,是不认识或者无效的 syntax 。
22-31 Not used.
未使用。
0×20 32 LDAP_NO_SUCH_OBJECT: Indicates the target object cannot be found. This code is not returned on following operations:

  • Search operations that find the search base but cannot find any entries that match the search filter.
  • Bind operations.

无法找到目标Object 。在以下操作中不返回这个代码:

  • Search操作中没有找到任何匹配serach filter entry
  • Bind操作。
0×21 33 LDAP_ALIAS_PROBLEM: Indicates that an error occurred when an alias was dereferenced.
当一个别名被复引用时发生错误。
0×22 34 LDAP_INVALID_DN_SYNTAX: Indicates that the syntax of the DN is incorrect. (If the DN syntax is correct, but the LDAP server’s structure rules do not permit the operation, the server returns LDAP_UNWILLING_TO_PERFORM.)
DN的句法不对。( 如果DN句法正确,但是LDAP Server 的结构规则不许可这个操作,Server返回LDAP_UNWILLING_TO_PERFORM 。 )
0×23 35 LDAP_IS_LEAF: Indicates that the specified operation cannot be performed on a leaf entry. (This code is not currently in the LDAP specifications, but is reserved for this constant.)
指定的操作不能被实施于一个叶子Entry 上。( 这个错误码不在当前的LDAP 规范中,但是这个常数为此而保留。 )
0×24 36 LDAP_ALIAS_DEREF_PROBLEM: Indicates that during a search operation, either the client does not have access rights to read the aliased object’s name or dereferencing is not allowed.
在search 操作中, client无权读别名了的 对象名或者间接引用是不被许可的。
37-47 Not used.
未使用。
0×30 48 LDAP_INAPPROPRIATE_AUTH: Indicates that during a bind operation, the client is attempting to use an authentication method that the client cannot use correctly. For example, either of the following cause this error:

  • The client returns simple credentials when strong credentials are required.
  • The client returns a DN and a password for a simple bind when the entry does not have a password defined.

当bind操作过程中, client试图使用不正确的认证方式。例如,以下情况造成这个error:

  • Client返回简单认证当需要strong credentials 的时候。
  • Client返回 DN和密码为了简单认证,但是 entry没有定义密码。
0×31 49 LDAP_INVALID_CREDENTIALS: Indicates that during a bind operation one of the following occurred:

  • The client passed either an incorrect DN or password.
  • The password is incorrect because it has expired, intruder detection has locked the account, or some other similar reason.

当bind操作过程中发生以下情况:

  • Client传送不正确的DN或者 password
  • 密码不正确,因为它过期了,入侵检测锁住了帐号,或者其他类似原因。
0×32 50 LDAP_INSUFFICIENT_ACCESS: Indicates that the caller does not have sufficient rights to perform the requested operation.
调用者没有足够的权限执行请求的操作。
0×33 51 LDAP_BUSY: Indicates that the LDAP server is too busy to process the client request at this time but if the client waits and resubmits the request, the server may be able to process it then.
LDAP Server太忙以至于无法处理client 的请求,但是如果client等待然后重新提交请求,Server 可能会处理。
0×34 52 LDAP_UNAVAILABLE: Indicates that the LDAP server cannot process the client’s bind request, usually because it is shutting down.
LDAP Server不能处理client 的bind请求,通常是因为它down 机了。
0×35 53 LDAP_UNWILLING_TO_PERFORM: Indicates that the LDAP server cannot process the request because of server-defined restrictions. This error is returned for the following reasons:

  • The add entry request violates the server’s structure rules.
  • The modify attribute request specifies attributes that users cannot modify.
  • Password restrictions prevent the action.
  • Connection restrictions prevent the action.

LDAP Server不能处理request ,因为Server定义的限制。
这个错误在以下原因下发生:

0×36 54 LDAP_LOOP_DETECT: Indicates that the client discovered an alias or referral loop, and is thus unable to complete this request.
client 发现一个别名或者引用是循环的,导致这个request 无法完成。
55-63 Not used.
未使用。
0×40 64 LDAP_NAMING_VIOLATION: Indicates that the add or modify DN operation violates the schema’s structure rules. For example,

  • The request places the entry subordinate to an alias.
  • The request places the entry subordinate to a container that is forbidden by the containment rules.
  • The RDN for the entry uses a forbidden attribute type.

在 add或者 modify DN操作中违反Schema的结构规则。例如:

  • 请求放置entry在别名下
  • 请求放置entry在被包含规则禁止的容器中
  • EntryRDN使用了禁止的属性类型
0×41 65 LDAP_OBJECT_CLASS_VIOLATION: Indicates that the add, modify, or modify DN operation violates the object class rules for the entry. For example, the following types of request return this error:

  • The add or modify operation tries to add an entry without a value for a required attribute.
  • The add or modify operation tries to add an entry with a value for an attribute which the class definition does not contain.
  • The modify operation tries to remove a required attribute without removing the auxiliary class that defines the attribute as required.

在 add、 modify或者modify DN操作中违反 entry的object class规则。例如,下面类型的 request导致这个错误:

0×42 66 LDAP_NOT_ALLOWED_ON_NONLEAF: Indicates that the requested operation is permitted only on leaf entries. For example, the following types of requests return this error:

  • The client requests a delete operation on a parent entry.
  • The client request a modify DN operation on a parent entry.

请求的操作只允许在叶子entry上执行。例如下面类型的 request导致这个错误:

0×43 67 LDAP_NOT_ALLOWED_ON_RDN: Indicates that the modify operation attempted to remove an attribute value that forms the entry’s relative distinguished name.
modify操作试图删除关联着DN 的属性值。
0×44 68 LDAP_ALREADY_EXISTS: Indicates that the add operation attempted to add an entry that already exists, or that the modify operation attempted to rename an entry to the name of an entry that already exists.
add操作试图加一个已经存在的Entry ,或者modify操作试图重命名Entry 为一个已经存在的entry的名字。
0×45 69 LDAP_NO_OBJECT_CLASS_MODS: Indicates that the modify operation attempted to modify the structure rules of an object class.
modify操作试图改变object class 的结构规则。
0×46 70 LDAP_RESULTS_TOO_LARGE: Reserved for CLDAP.
为CLDAP保留。
0×47 71 LDAP_AFFECTS_MULTIPLE_DSAS: Indicates that the modify DN operation moves the entry from one LDAP server to another and thus requires more than one LDAP server.
modify DN的操作移动Entry 从一个LDAP Server到另一个,造成需要超过一个LDAP Server 。
72-79 Not used.
未使用
0×50 80 LDAP_OTHER: Indicates an unknown error condition. This is the default value for NDS error codes which do not map to other LDAP error codes.
一个未知的error状态。这是 NDS中没有映射到其他LDAP错误码上的错误码的缺省值。

posted on 2007-06-26 12:08 junky 阅读(1571) 评论(0)  编辑  收藏 所属分类: database


只有注册用户登录后才能发表评论。


网站导航: