Ldap Error 80
Contents |
Favorite Rating: Error [80] in LDAP search for user object unser the domainThis document (7009740) active directory ldap error codes is provided subject to the disclaimer at the end of this ldap: error code 49 - 80090308 document. Environment Novell Open Enterprise Server 2 (OES 2) LinuxNovell eDirectoryNovell ZENworks 7 Desktop Management Support openldap error codes Pack 1 - ZDM7 SP1 Application Launcher (NAL) Situation The message, "Error [80] in LDAP search for user object unser the domain with base=o=myOrg filter=(&(objectclass=posixAccount)(uid=*))", was observed in
Ldap Error Code 49 Acceptsecuritycontext Error Data 52e V1db1
/var/log/messages:when workstations (running ZENworks Desktop Mgmt 7) were not seeing all of their application icons, andintermittently during a periodic check Resolution Error 80 is defined as "other error" (see java error code wiki). To determine the root cause in eDirectory:Identify the preferred LDAP server that this OES server used for LUM. This is the "preferred-server=" ldap error code 32 line in /etc/nam.confOn the preferred LDAP server run the followingldapconfig set "LDAP Screen Level=all" you will be prompted for a tree admin ID & passwordrun ndstraceinsure only the following flags are enabled "+TAGS +TIME +LDAP"enable logging to file with "dstrace file on"insure the log file can grow to at least 10MB ("dstrace fmax 10000000")Reproduce the event the triggered the messageThis is typically the cache refresh cycle (persistent-cache-refresh-period in nam.conf). If that is the default 8 hours, you can reproduce the matter by running the following LDAP search:ldapsearch -x -h {ip_addr_of_primary_ldap} -b o={orgOfTree} -ssub "(&(objectclass=posixAccount)(uid=*))"> filename.outwhere: {ip_addr_of_primary_ldap} = preferred ldap server in nam.conf {orgOfTree} = the organization object in your treeStop the ndstrace to file ("dstrace file off") and exit ndstrace.Review either the ndstrace.log file or the filename.out file (from ldapsearch) to see the last object returned.An example output of the end of the ndstrace log is below. Note that the last good object returned was in the ou=123,ou=12,ou=1,o=myOrg container:# UU123456, OU123, OU12, OU1
codes; result codes; resultCode; ldap resultcode; ldap result
Ldap Error Code 80 - Other
code; ldap exception; ldap operations; 0x00; 0x01; 0x02; 0x03; 0x04; 0x05; 0x06; 0x07; 0x08; 0x09; 0x0A; https://www.novell.com/support/kb/doc.php?id=7009740 0x0B; 0x0C; 0x0D; 0x0E; 0x0F; 0x10; 0x11; 0x12; 0x13; 0x14; 0x15; 0x20; 0x21; 0x22; 0x23; 0x24; 0x30; 0x31; 0x32; 0x33; 0x34; 0x35; 0x36 ; 0x40; 0x41; 0x42; 0x43; 0x44; 0x45; 0x46; 0x47 http://www-01.ibm.com/support/docview.wss?uid=swg21214189 ; 0x50; 0x51; 0x52; 0x53; 0x54; 0x55; 0x56; 0x57; 0x58; 0x59; 0x5a; 0x5b; 0x5c; 0x5d; 0x5e; 0x5f; 0x60; 0x61; LDAP_SUCCESS; LDAP_OPERATIONS_ERROR; LDAP_PROTOCOL_ERROR; LDAP_TIMELIMIT_EXCEEDED; LDAP_SIZELIMIT_EXCEEDED; LDAP_COMPARE_FALSE; LDAP_COMPARE_TRUE; LDAP_AUTH_METHOD_NOT_SUPPORTED; LDAP_STRONG_AUTH_REQUIRED; LDAP_REFERRAL; LDAP_ADMINLIMIT_EXCEEDED; LDAP_UNAVAILABLE_CRITICAL_EXTENSION; LDAP_CONFIDENTIALITY_REQUIRED; LDAP_SASL_BIND_IN_PROGRESS; LDAP_NO_SUCH_ATTRIBUTE; LDAP_UNDEFINED_TYPE; LDAP_INAPPROPRIATE_MATCHING; LDAP_CONSTRAINT_VIOLATION; LDAP_TYPE_OR_VALUE_EXISTS; LDAP_INVALID_SYNTAX; LDAP_NO_SUCH_OBJECT; LDAP_ALIAS_PROBLEM; LDAP_INVALID_DN_SYNTAX; LDAP_IS_LEAF; LDAP_ALIAS_DEREF_PROBLEM; LDAP_INAPPROPRIATE_AUTH; LDAP_INVALID_CREDENTIALS; LDAP_INSUFFICIENT_ACCESS; LDAP_BUSY; LDAP_UNAVAILABLE; LDAP_UNWILLING_TO_PERFORM; LDAP_LOOP_DETECT; LDAP_NAMING_VIOLATION; LDAP_OBJECT_CLASS_VIOLATION; LDAP_NOT_ALLOWED_ON_NONLEAF; LDAP_NOT_ALLOWED_ON_RDN; LDAP_ALREADY_EXISTS; LDAP_NO_OBJECT_CLASS_MODS; LDAP_AFFECTS_MULTIPLE_DSAS; LDAP_OTHER; LDAP_SERVER_DOWN; LDAP_LOCAL_ERROR; LDAP_ENCODING_ERROR; LDAP_DECODING_ERROR; LDAP_TIMEOUT; LDAP_AUTH_UNKNOWN; LDAP_FILTER_ERROR; LDAP_USER_CANCELLED; LDAP_PARAM_ERROR; LDAP_NO_MEMORY; LDAP_CONNECT_ERROR; LDAP_NOT_SUPPORTED; LDAP_CONTROL_NOT_FOUND; LDAP_NO_RESULTS_RETURNED; LDAP_MORE_RESULTS_TO_RETURN; LDAP_CLIENT_LOOP; LDAP_REFERRAL_LIMIT_EXCEEDED Technote (FAQ) Question What are the LDAP return codes and message descriptions? Answer Hex Decimal Description 0x00 0
Tue, 15 Mar 2016 11:51:31 +0000 In-reply-to: <56E7EC69.1020802@siebenbergen.de> References: <56E7EC69.1020802@siebenbergen.de> User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 SeaMonkey/2.42a1 Christian http://www.openldap.org/lists/openldap-technical/201603/msg00090.html Schmidt wrote: Hi all, we're running Debian Jessie with slapd-2.4.40+dfsg-1+deb8u2 and ldap-utils-2.4.40+dfsg-1+deb8u2. No special modifications have been taken to slapd's configuration and/or the https://www.ldap.com/ldap-result-code-reference directory itself , and trying to add the following ldif file... This error isn't tripping anything familiar for me. Try again with debug ldap error -1; if that doesn't show more info then we would need to use gdb to see what actually failed. dn: cn=config changetype: modify add: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap.gnutls.key - add: olcTLSCertificateFile olcTLSCertificateFile: /etc/ldap/ssl/ldap.gnutls.crt - add: olcTLSCACertificateFile olcTLSCACertificateFile: /etc/ldap/ssl/intermediate.pem ...results in error 80: # ldapmodify -Y EXTERNAL -H ldap error code ldapi:/// -f ./ssl.ldif SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 modifying entry "cn=config" ldap_modify: Other (e.g., implementation specific) error (80) All the files are readable for the user slapd is running as. Invoking slapd with debug level 255 shows: [..] 56e2e677 => slap_access_allowed: add access granted by manage(=mwrscxd) 56e2e677 => access_allowed: add access granted by manage(=mwrscxd) 56e2e677 oc_check_required entry (cn=config), objectClass "olcGlobal" 56e2e677 oc_check_allowed type "objectClass" 56e2e677 oc_check_allowed type "cn" 56e2e677 oc_check_allowed type "olcArgsFile" 56e2e677 oc_check_allowed type "olcLogLevel" 56e2e677 oc_check_allowed type "olcPidFile" 56e2e677 oc_check_allowed type "olcToolThreads" 56e2e677 oc_check_allowed type "structuralObjectClass" 56e2e677 oc_check_allowed type "entryUUID" 56e2e677 oc_check_allowed type "creatorsName" 56e2e677 oc_check_allowed type "createTimestamp" 56e2e677 oc_check_allowed type "olcTLSCertificateKeyFile" 56e2e677 oc_check_allowed type "olcTLSCertificateFile" 56e2e677 oc_check_allowed type "olcTLSCACertificateFile" 56e2e677 oc_check_allowed type "entryCSN" 56e2e677 oc_check_allowed type "modifiersName" 56e2e677 oc_check_allowed type "modifyTimestamp" 56e2e677 send_ldap_result: conn=1002 op=1 p=3 56e2e677 send_ldap_result: e
Server-Side Result Codes Various LDAP specifications define a number of common result codes that may be included in responses to clients. These result codes include (but are not necessarily limited to): 0: Success This indicates that the operation completed successfully. It may be returned in response to an add, bind, delete, extended, modify, modify DN, or search operations. Compare operations will not return a success result. If a compare operation does not encounter an error during processing, then the server should return a result of either "compare true" or "compare false", based on whether the target entry had the specified attribute value. 1: Operations Error This is intended to indicate that the client has requested an operation at an inappropriate time or in an incorrect order. For example, it may be used if a client sends a non-bind request in the middle of a multi-stage bind operation. Note that some directory servers use this as a generic "server error" type result. This is not the intended use for this result code (the "other" result is a better choice for this), but clients may need to be aware of this possibility. 2: Protocol Error This generally indicates that the client request was improperly formatted in some way. For a bind operation, it may indicate that the client attempted to use an unsupported LDAP protocol version. For an extended operation, it may indicate that the server does not support the extended request type. Note that this result code can only be used if the server is able to at least partially decode the request in order to determine the message ID and operation type, since the server needs that information in order to craft an appropriate response. 3: Time Limit Exceeded This indicates that a search operation took longer to complete than allowed by the maximum time limit for that operatio