Ldap Error 85
Contents |
Licenses Manage Account PingInsiders Local User Groups PingOne Uptime PingOne Status Ping Identity Partner ldap error code 1 - operations error Network Contact Home Knowledge Base Knowledge Base active directory ldap error codes User Groups Knowledge Base BACK TO KNOWLEDGE BASE HOME > LDAP Error Code 85
Openldap Error Codes
- A client-side timeout was encountered Published:12/01/2015 If you're having problems authenticating using an LDAP Password Credential Validator, and the server log
Ldap Error Code 81
contains something like this: 2015-12-01 01:00:00,356 tid:123456789012345678901234567 DEBUG [org.sourceid.saml20.domain.LDAPPasswordCredentialValidatorResult] LDAP server response from '10.1.1.1:389 10.1.1.2:389': [LDAP: error code 85 - A client-side timeout was encountered while waiting 3000ms for a response to search request with message ID 4, base DN 'DC=TestDomain,DC=com', scope SUB, and filter ldap result codes '(|(sAMAccountName=jdoe)(userPrincipalName=jdoe))' from server 10.1.1.1:389.]. The response was interpreted as 'authn.srvr.msg.invalid.credentials'. This indicates an issue with the PingFederate server(s) contacting the LDAP server(s) defined in the datastore being used by the Password Credential Validator. This could mean a number of different issues, but common ones include LDAP server(s) are down, a firewall rule is preventing access, routing to the LDAP servers has been interrupted by a network link failure, etc. Typical network troubleshooting should commence - some things to use from the PingFederate servers to check connectivity are: telnet [LDAP server address] [port] (note the space between address and port)ping [LDAP server]openssl s_client -connect [LDAP server address]:[port] (note the colon between address and port and Windows doesn't have openssl by default)tracert [LDAP server address] (Windows)traceroute [LDAP server address] (Linux derivatives) Category: Active Directory ,Administration , KB or other
Server-Side Result Codes Various LDAP specifications define a number of common result codes that may be included in responses to clients. These result codes include (but are not necessarily limited to): 0: Success This indicates that the operation completed successfully. It may https://www.ldap.com/ldap-result-code-reference be returned in response to an add, bind, delete, extended, modify, modify DN, or search operations. Compare http://web500gw.sourceforge.net/errors.html operations will not return a success result. If a compare operation does not encounter an error during processing, then the server should return a result of either "compare true" or "compare false", based on whether the target entry had the specified attribute value. 1: Operations Error This is intended to indicate that the client has requested an operation at an inappropriate time or in an ldap error incorrect order. For example, it may be used if a client sends a non-bind request in the middle of a multi-stage bind operation. Note that some directory servers use this as a generic "server error" type result. This is not the intended use for this result code (the "other" result is a better choice for this), but clients may need to be aware of this possibility. 2: Protocol Error This generally indicates that the client request was improperly formatted in some ldap error code way. For a bind operation, it may indicate that the client attempted to use an unsupported LDAP protocol version. For an extended operation, it may indicate that the server does not support the extended request type. Note that this result code can only be used if the server is able to at least partially decode the request in order to determine the message ID and operation type, since the server needs that information in order to craft an appropriate response. 3: Time Limit Exceeded This indicates that a search operation took longer to complete than allowed by the maximum time limit for that operation. This may be the time limit specified by the client in the search request, or it may be a time limit imposed by the server. 4: Size Limit Exceeded This indicates that a search operation would have returned more entries than were allowed for that operation. This may be the size limit specified by the client in the search request, or it may be a size limit imposed by the server. Note that the server may return a portion of the matching entries before this result. 5: Compare False This indicates that a compare operation was processed successfully but that the target entry did not match the provided attribute value assertion. 6: Compare True This indicates that a compare operation was processed successfully and that the target entry matched the provided attribute value assertion. 7: Authentication Method Not Supported
5LDAP_COMPARE_FALSECompare false 6LDAP_COMPARE_TRUECompare true 7LDAP_STRONG_AUTH_NOT_SUPPORTEDStrong authentication not supported 8LDAP_STRONG_AUTH_REQUIREDStrong authentication required 9LDAP_PARTIAL_RESULTSPartial results 16LDAP_NO_SUCH_ATTRIBUTENo such attribute 17LDAP_UNDEFINED_TYPEUndefined attribute type 18LDAP_INAPPROPRIATE_MATCHINGInappropriate matching 19LDAP_CONSTRAINT_VIOLATIONConstraint violation 20LDAP_TYPE_OR_VALUE_EXISTSType or value exists 21LDAP_INVALID_SYNTAXInvalid syntax 32LDAP_NO_SUCH_OBJECTNo such object 33LDAP_ALIAS_PROBLEMAlias problem 34LDAP_INVALID_DN_SYNTAXInvalid DN syntax 35LDAP_IS_LEAFObject is a leaf 36LDAP_ALIAS_DEREF_PROBLEMAlias dereferencing problem 48LDAP_INAPPROPRIATE_AUTHInappropriate authentication 49LDAP_INVALID_CREDENTIALSInvalid credentials 50LDAP_INSUFFICIENT_ACCESSInsufficient access 51LDAP_BUSYDSA is busy 52LDAP_UNAVAILABLEDSA is unavailable 53LDAP_UNWILLING_TO_PERFORMDSA is unwilling to perform 54LDAP_LOOP_DETECTLoop detected 64LDAP_NAMING_VIOLATIONNaming violation 65LDAP_OBJECT_CLASS_VIOLATIONObject class violation 66LDAP_NOT_ALLOWED_ON_NONLEAFOperation not allowed on nonleaf 67LDAP_NOT_ALLOWED_ON_RDNOperation not allowed on RDN 68LDAP_ALREADY_EXISTSAlready exists 69LDAP_NO_OBJECT_CLASS_MODSCannot modify object class 70LDAP_RESULTS_TOO_LARGEResults too large 80LDAP_OTHERUnknown error 81LDAP_SERVER_DOWNCan't contact LDAP server 82LDAP_LOCAL_ERRORLocal error 83LDAP_ENCODING_ERROREncoding error 84LDAP_DECODING_ERRORDecoding error 85LDAP_TIMEOUTTimed out 86LDAP_AUTH_UNKNOWNUnknown authentication method 87LDAP_FILTER_ERRORBad search filter 88LDAP_USER_CANCELLEDUser cancelled operation 89LDAP_PARAM_ERRORBad parameter to an ldap routine 90LDAP_NO_MEMORYOut of memory VERSION: 2.1rc1AvailabilityFeaturesChangesKnownBugsLinks&ReferencesInstallationModesConfiguration:web500gw.confHintsvCardsSearchinterfaceAddingentriesExamples:web500gw.confldaptemplates.confldapfriendlySupport:Y2K proof?MailingListTroubleshootingURLformatURLsinentriesLDAPerrorsDevelopersSF.netProjectTestit:TUChemnitzTUChemnitzCGIOthersites (errors.html.php Version 1.2) last modified by dekarl on 2001/07/22 at 20:24:24 GMT