When doing a lot with Directory Server and LDAP Clients I ran quite often into some strange behaviours during beta evaluations or demostration environemts, and neither online help nor any helpful documentation could help in a recent time. I don't say that documentation I have available does not answer my questions, but the time I had to invest to figure out, where to start takes a while, and it's taking more time, the more books and files you're gonna browse.

 Next thing, having a similar problem a couple weeks later - "Boy, I knew it, I ran into this a while ago, but the heck, what was it "?

So, I came up with this page to have all kind of error messages and can start from here. This page does not solve every issue, however, this will help me diggin' deeper into LDAP TROUBLESHOOTING, and to remember where to start.

LDAP Server Returns ....   (or more Client Specific Return Codes) 

LDAP_SUCCESS	Indicates the reqeusted client operation completed successfully
LDAP_OPERATIONS_ERROR	Indicates an internal error. The server is unable to respond with a more specific error and is also uable to properly respond to a requst. It does not indicate that the client has sent an erroneous message
LDAP_PROTOCOL_ERROR	Indicates that the server has received an invalid or malformed request from the client
LDAP_TIMELIMIT_EXCEEDED	Indicates that the operation's time limit specified by either the client of the server has been exceeded. On search operations, incomplete results are returned
LDAP_SIZELIMIT_EXCEEDED	Indicates that in a search operation, the size limit specified by the client or the server has been exceeded. Incomplete results are returned
LDAP_COMPARE_FALSE	Does not indicate an error condition. Indicates that the result of a compare operation are false
LDAP_COMPARE_TRUE	Does not indicate an error condition. Indicates that the result of a compare operation are true
LDAP_AUTH_METHOD_NOT_SUPPORTED	Indicates that during a bind operation the client requested an authentication method not supported by the Directory server
LDAP_STRONG_AUTH_REQUIRED	Indicates on of the following - In bind requests, the Directory server accepts only strong authentication - In a client request, the client requested an operation such as delete that requires strong authentication - In an unsolicited notice of disconnection, the Directory server discovers the security protecting the communication between the client and server has unexpectedly failed or been compromised
LDAP_REFERRAL	Does not indicate an error condition. In LDAPv3, indicates that the server does not hold the target entry of the request, but that the servers in the referral field may.
LDAP_ADMINLIMIT_EXCEEDED	Indicates that a Directory server limit set by an adminstrative authority has been exceeded
LDAP_UNAVAILABLE_CRITICAL_EXTENSION	Indicates that the Directory Server was unable to satisfy a request because one or more critical extensions were not available. Either the server does not support the control or the control is not appropriate for the operation type
LDAP_CONFIDENTIALITY_REQUIRED	Indicates that the session is not protected by a protocol such as Transport Layer Security (TLS), which provides session confidentiality
LDAP_SASL_BIND_IN_PROGRESS	Does not indicate an error condition, but indicates that the server is ready for the next step in the process. The client must send the server the same SASL mechanism to continue the process
LDAP_NO_SUCH_ATTRIBUTE	Indicates that the attribute specified in the modify or compare operation does not exist in the entry
LDAP_UNDEFINED_TYPE	Indicates that the attribute specified in the modify or add operation does not exist in the Directory server's schema
LDAP_INAPPROPRIATE_MATCHING	Indicates that the matching rule specified in the search filter does not match a rule defined for the attribute's syntax.
LDAP_CONSTRAINT_VIOLATION	Indicates that the attribute value specified in a modify, add, or modify DN operation violates constraints placed on the attribute. The constraint can be one of size or content (string only, no binary)
LDAP_TYPE_OR_VALUE_EXISTS	Indicates that the attribute value specified in a modify or add operation already exists as a vlaue for that attribute
LDAP_INVALID_SYNTAX	Indicates that the attribute value specified in an add, compare or modify operation is an unrecognized or invalid syntax for the attribute
LDAP_NO_SUCH_OBJECT	Indicates the target object cannot be found. This code is not returned on the following operations - Search operation that find the search base but cannot find any entries that match the search filter - Bind operations
LDAP_ALIAS_PROBLEM	Indicates that an error occurred when an alias was dereferneced
LDAP_INVALID_DN_SYNTAX	Indicates that the syntax of the DN is incorrect. (If the DN syntax is correct, but the Directory Server's structure rules do not permit the operation, the server returns LDAP_UNWILLING_TO_PERFORM
LDAP_IS_LEAF	Indicates that the specified operation cannot be performed on a leaf entry. (This code is not currectly in the LDAP specifications, but is reserved for this constant)
LDAP_ALIAS_DEREF_PROBLEM	Indicates that during a search operation, either the client does not have access rights to read the aliased object's name or dereferencing is not allowed
LDAP_INAPPROPRIATE_AUTH	Indicates that during a bind operation, the client is attempting to use an authentication method that the client cannot use correctly.
LDAP_INVALID_CREDENTIALS	Indicates that during a bind operation one of the following occured: - The client passes either an incorrect DN or password - The password is incorrect because it has expired, intruder detection has locked the account, or some other similar reason
LDAP_INSUFFICIENT_ACCESS	Indicates that the caller does not have sufficient right to perfrom the requested operation
LDAP_BUSY	Indicates that the LDAP server is too busy to process the client request at this time but if the client waits and resubmits the request, the server may be able to process it then
LDAP_UNAVIALABLE	Indicates that the LDAP server cannot provess the Client's bind request, usually because it is shutting down
LDAP_UNWILLING_TO_PERFORM	Indicates that the Directory Server cannot process the request because of server-defined restrictions. This error is returned for the following reasons: - The add entry request violates the server's structure rules - The modify attribute request specifies attributes that users cannot modify - Password restrictions prevent the action - Connection restrictions prevent the action
LDAP_LOOP_DETECT	Indicates that the client discovered an alias ro refferal loop, and is thus unable to complete this request
LDAP_NAMING_VIOLATION	Indicates that the add or modifyDN operation violates the schema's structure rules. For example, - The request places the entry subordinate to an alias - The request places the entry subordinate to a container that is forbidden by the containment rules - The RDN for the entry uses a frobidden attribute type
LDAP_OBJECT_CLASS_VIOLATION	Indicates that the add, modify, or modify DN operation violates the object class rules for the entry. For example, - The add or modify operation tries to add an entry without a value for a required attribute - The add or modify operation tries to add an entry with a value for an attribute which the class definition does not contain - The modify operation tries to remove a required attribute without removing the auxiliary class that defines the attribute as required
LDAP_NOT_ALLOWED_ON_NONLEAF	Indicates that the requested operation is permitted only on leaf entries. For example, - The client requests a delete operation on a parent entry - The client requests a modify DN operation on a parent entry
LDAP_NOT_ALLOWED_ON_RDN	Indicates that the modify operaton attempted to remove an attribute value that forms the entry's relative distinguished name
LDAP_ALREADY_EXISTS	Indicates that the add operation attempted to add an entry that already exists, or that the modify operation to rename an entry to the name of an entry that already exists
LDAP_NO_OBJECT_CLASS_MODS	Indicates that the modify operation attempted to modify the sutructe rules of an object class
LDAP_AFFECTS_MULITPLE_DSAS	Indicates that the modify DN operations moves the entry from on Directory Server to another and thus requires more than one LDAP server

 

LDAP Client Returns ....

LDAP_SERVER_DOWN	Indicates that the LDAP Libraries cannot establish an initial connection with the LDAP server. Either the Directory Server is down or the specified host name or port number is incorrect
LDAP_LOCAL_ERROR	Indicates that the LDAP client has an error. This is usually a failed dynamic allocation error
LDAP_ENCODING_ERROR	Indicates, that the LDAP clienht encountered errors when encoding an LDAP request intended for the Directory Server
LDAP_DECODING_ERROR	Indicates that the LDAP client encountered error when decoding an LDAP response from the Directory Server
LDAP_TIMEOUT	Indicates the the time limit of the LDAP client was exdceeded while waiting for a result
LDAP_AUTH_UNKNOWN	Indicates that the ldap_bind or ldap_bind_s fuinction wass called with an unknow authentication method
LDAP_FILTER_ERROR	Indicates that the ldap_search function was called with an invalid search filter
LDAP_USER_CANCELLED	Indicates that the user cancelled the LDAP operation
LDAP_PARAM_ERROR	Indicates that an LDAP function was called with an invalid parameter value
LDAP_NO_MEMORY	Indicates that a dynamic memory allocation function failed when calling an LDAP function
LDAP_CONNECT_ERROR	Indicates the the LDAP client has lost either its conenction or cannot establish a conenction to the Directory Server
LDAP_NOT_SUPPORTED	Indicates that the requested functionality is not supportyed by the client. For example, if the LDAP client is establsihed as an LDAPv3 clienty, the libraries set this error code when the client requests LDAPv3 functionality
LDAP_CONTROL_NOT_FOUND	Indicates that the client requested a control that the libraries cannot find in the list of supported controls sent by the Directory Server
LDAP_NO_RESULTS_TO_RETURN	Indicates that more results are chained itn the result message. The libraries set this code when the callt ot the ldap_parse_result function reveals that addtional result codes are available
LDAP_CLIENT_LOOP	Indicates the LDAP libraries detected a loop.
LDAP_REFERRAL_LIMIT_EXCEEDED	Indicates that the referral exceeds the hop limit. The hop limit determines how many server the client can hop through to retrieve data