Error codes

Json2Ldap returns an error code with a message if the JSON-RPC 2.0 request failed for some reason.

The error codes fall into the following ranges according to their type:

Range	Type
1 .. ?	Standard and extension-specific LDAP operation errors reported by the directory server. These are passed through without modification and their codes match the standard LDAP result codes (positive integers).
-1000 .. -1999	Errors generated by the Json2Ldap web service itself. These are typically used to indicate connection, access policy and security exceptions.
-31100 .. -31199	Access denied messages, such as access denied due to a blocked client IP address.
-32000 .. -32768	Standard JSON-RPC 2.0 protocol errors. These are codes reserved by the RPC protocol to indicate errors such as badly formatted JSON-RPC 2.0 requests or invalid method parameters.

Here is an example JSON-RPC 2.0 response that reports an invalid / expired LDAP connection token:

{ "error"   : { "code"    : -1000,
                "message" : "Invalid\/expired LDAP connection identifier (CID)" },
  "id"      : 1,
  "jsonrpc" : "2.0" }

Some error responses may contain additional diagnostic information in the error data field, for example:

{
 "error"   : { "code"    : -1031,
               "message" : "LDIF exception",
               "data"    : "Unexpected space found at the beginning of
                            the first line for an LDIF entry on or near
                            line number 1."},
 "id"      : 1,
 "jsonrpc" : "2.0"
}

The exact format of error responses is described in the JSON-RPC 2.0 specification.

Json2Ldap keeps error messages deliberately concise. To obtain more information about the cause of an error examine the Json2Ldap log file (logging must be enabled at INFO level).

LDAP specific errors

Errors with a code above zero indicate an exception reported by the directory server during processing of an LDAP request. The codes can be standard, reserved by the LDAP protocol (codes in the range from 0 to 90, see RFC 2251) as well as extension specific (codes above 90).

The encapsulating HTTP response has a status code 460 (since v3.5).

Here is a list of some of the LDAP specific errors:

Code	Message
2	LDAP error: Protocol error
3	LDAP error: Time limit exceeded
4	LDAP error: Size limit exceeded
7	LDAP error: Auth method not supported
8	LDAP error: Strong auth required
11	LDAP error: Admin limit exceeded
12	LDAP error: Unavailable critical extension
13	LDAP error: Confidentiality required
16	LDAP error: No such attribute
17	LDAP error: Undefined attribute type
18	LDAP error: Inappropriate matching
19	LDAP error: Constraint violation
20	LDAP error: Attribute or value exists
21	LDAP error: Invalid attribute syntax
32	LDAP error: No such object
33	LDAP error: Alias problem
34	LDAP error: Invalid DN syntax
36	LDAP error: Alias dereferencing problem
48	LDAP error: Inappropriate authentication
49	LDAP error: Invalid credentials
50	LDAP error: Insufficient access rights
52	LDAP error: Unavailable
53	LDAP error: Unwilling to perform
54	LDAP error: Loop detect
64	LDAP error: Naming violation
65	LDAP error: Object class violation
66	LDAP error: Not allowed on non-leaf
67	LDAP error: Not allowed on RDN
68	LDAP error: Entry already exists
69	LDAP error: Object client mods prohibited
80	LDAP error: Other
81	LDAP error: Server down
82	LDAP error: Local error
83	LDAP error: Encoding error
84	LDAP error: Decoding error
85	LDAP error: Timeout
86	LDAP error: Auth unknown
87	LDAP error: Filter error
90	LDAP error: No memory

Json2Ldap specific exceptions

Exceptions with codes between -1000 and -1999 originate from the Json2Ldap web service itself.

These are divided into the following categories:

-1000 .. -1099 Common errors
-1100 .. -1199 LDAP server connection, TLS/SSL and network errors
-1200 .. -1299 Bind (authentication) request errors
-1300 .. -1399 Errors related to LDAP read operation requests
-1400 .. -1499 Errors related to LDAP write operation requests
-1500 .. -1599 Errors related to LDAP extended requests
-1600 .. -1699 Errors related to LDAP schema information requests
-1700 .. -1799 Custom Json2Ldap extension errors

The encapsulating HTTP response has a status code 461 (since v3.5).

Here is the complete list of the Json2Ldap web service specific errors:

Code	Message
-1000	Invalid/expired LDAP connection identifier (CID)
-1005	Incomplete LDAP connection / bind request
-1010	Requests must be submitted over HTTP secure (HTTPS)
-1020	Parameter with bad BASE-64 encoding
-1030	LDIF read exception
-1031	LDIF exception
-1032	Empty LDIF record

-1100	LDAP server connect error
-1101	Unknown LDAP server host
-1102	No route to LDAP server host
-1103	LDAP server down or invalid host/port
-1104	Network TCP/IP protocol error
-1105	Network I/O error
-1106	LDAP connection timeout
-1120	Connections to the specified LDAP server are not allowed
-1121	Default connections disabled
-1122	Exhausted connection quota for this client IP
-1123	Exhausted connection quota for this Json2Ldap evaluation version
-1124	LDAP connection with TLS/SSL security required
-1130	Json2Ldap TLS/SSL keystore exception
-1131	TLS/SSL error
-1132	TLS/SSL error: Invalid or untrusted certificate
-1133	StartTLS error

-1200	Exhausted connection quota for this user
-1201	Relay of bind (authentication) requests is disabled
-1202	Bind (authentication) is required

-1300	Relay of LDAP read requests is disabled
-1303	Bad page cookie format

-1400	Relay of LDAP write requests is disabled
-1401	The LDIF record must be of changetype ADD
-1402	The LDIF record must be of changetype MODIFY
-1403	One or more modifications must be specified
-1404	The LDIF record must be of changetype DELETE

-1500	Relay of “Password Modify” requests is disabled
-1501	Relay of “Who am I?” requests is disabled

-1600	Schema not available
-1601	No such object class
-1602	No such attribute type
-1603	No such matching rule
-1604	No such matching rule use
-1605	No such syntax

-1710	SRP-6a authentication disabled
-1711	This SRP-6a request requires a default LDAP connection
-1712	Illegal SRP-6a authentication session state
-1713	SRP-6a session timeout
-1714	Bad SRP-6a authentication credentials
-1715	The SRP-6a public client value ‘A’ must be hex encoded
-1716	The SRP-6a client evidence message ‘M1’ must be hex encoded
-1717	The SRP-6a salt ‘s’ must be hex encoded
-1718	The SRP-6a verifier ‘v’ must be hex encoded
-1719	SRP-6a salt ‘s’ byte size not accepted
-1720	Internal SRP-6a authentication exception

Access denied messages

This section lists JSON-RPC 2.0 errors indicating the client was denied access to Json2Ldap, e.g. due to a blocked client IP address.

The encapsulating HTTP response has a status code 401 or 403 (since v3.5).

Code	Message	HTTP status
-31100	Requests must be sent over HTTPS	401
-31105	Client IP address denied access	403

-31110	Trusted client X.509 certificate required	401
-31111	Invalid client X.509 certificate principal DN	401
-31112	Client X.509 certificate principal denied	403

-31120	API key filter requires named JSON-RPC 2.0 parameters	401
-31121	Missing API key	401
-31123	API key denied access	403

JSON-RPC 2.0 specific errors

Errors with codes between -32000 and -32768 are reserved by the JSON-RPC 2.0 specification to indicate a general protocol exception.

The encapsulating HTTP response has a status code 400 except for the -32603 Internal error where the HTTP status code is 500 (since v3.5).

Code	Message	HTTP status
-32700	JSON parse error	400
-32600	Invalid request	400
-32601	Method not found	400
-32602	Invalid parameters	400
-32603	Internal error	500