char * ldap_err2string( int err ) { char *m; Debug( LDAP_DEBUG_TRACE, "ldap_err2string\n", 0, 0, 0 ); switch ( err ) { # define C(code, message) case code: m = message; break /* LDAPv3 (RFC 4511) codes */ C(LDAP_SUCCESS, N_("Success")); C(LDAP_OPERATIONS_ERROR, N_("Operations error")); C(LDAP_PROTOCOL_ERROR, N_("Protocol error")); C(LDAP_TIMELIMIT_EXCEEDED, N_("Time limit exceeded")); C(LDAP_SIZELIMIT_EXCEEDED, N_("Size limit exceeded")); C(LDAP_COMPARE_FALSE, N_("Compare False")); C(LDAP_COMPARE_TRUE, N_("Compare True")); C(LDAP_STRONG_AUTH_NOT_SUPPORTED,N_("Authentication method not supported")); C(LDAP_STRONG_AUTH_REQUIRED, N_("Strong(er) authentication required")); C(LDAP_REFERRAL, N_("Referral")); C(LDAP_ADMINLIMIT_EXCEEDED, N_("Administrative limit exceeded")); C(LDAP_UNAVAILABLE_CRITICAL_EXTENSION, N_("Critical extension is unavailable")); C(LDAP_CONFIDENTIALITY_REQUIRED,N_("Confidentiality required")); C(LDAP_SASL_BIND_IN_PROGRESS, N_("SASL bind in progress")); C(LDAP_NO_SUCH_ATTRIBUTE, N_("No such attribute")); C(LDAP_UNDEFINED_TYPE, N_("Undefined attribute type")); C(LDAP_INAPPROPRIATE_MATCHING, N_("Inappropriate matching")); C(LDAP_CONSTRAINT_VIOLATION, N_("Constraint violation")); C(LDAP_TYPE_OR_VALUE_EXISTS, N_("Type or value exists")); C(LDAP_INVALID_SYNTAX, N_("Invalid syntax")); C(LDAP_NO_SUCH_OBJECT, N_("No such object")); C(LDAP_ALIAS_PROBLEM, N_("Alias problem")); C(LDAP_INVALID_DN_SYNTAX, N_("Invalid DN syntax")); C(LDAP_ALIAS_DEREF_PROBLEM, N_("Alias dereferencing problem")); C(LDAP_INAPPROPRIATE_AUTH, N_("Inappropriate authentication")); C(LDAP_INVALID_CREDENTIALS, N_("Invalid credentials")); C(LDAP_INSUFFICIENT_ACCESS, N_("Insufficient access")); C(LDAP_BUSY, N_("Server is busy")); C(LDAP_UNAVAILABLE, N_("Server is unavailable")); C(LDAP_UNWILLING_TO_PERFORM, N_("Server is unwilling to perform")); C(LDAP_LOOP_DETECT, N_("Loop detected")); C(LDAP_NAMING_VIOLATION, N_("Naming violation")); C(LDAP_OBJECT_CLASS_VIOLATION, N_("Object class violation")); C(LDAP_NOT_ALLOWED_ON_NONLEAF, N_("Operation not allowed on non-leaf")); C(LDAP_NOT_ALLOWED_ON_RDN, N_("Operation not allowed on RDN")); C(LDAP_ALREADY_EXISTS, N_("Already exists")); C(LDAP_NO_OBJECT_CLASS_MODS, N_("Cannot modify object class")); C(LDAP_AFFECTS_MULTIPLE_DSAS, N_("Operation affects multiple DSAs")); /* Virtual List View draft */ C(LDAP_VLV_ERROR, N_("Virtual List View error")); C(LDAP_OTHER, N_("Other (e.g., implementation specific) error")); /* LDAPv2 (RFC 1777) codes */ C(LDAP_PARTIAL_RESULTS, N_("Partial results and referral received")); C(LDAP_IS_LEAF, N_("Entry is a leaf")); /* Connection-less LDAP (CLDAP - RFC 1798) code */ C(LDAP_RESULTS_TOO_LARGE, N_("Results too large")); /* Cancel Operation (RFC 3909) codes */ C(LDAP_CANCELLED, N_("Cancelled")); C(LDAP_NO_SUCH_OPERATION, N_("No Operation to Cancel")); C(LDAP_TOO_LATE, N_("Too Late to Cancel")); C(LDAP_CANNOT_CANCEL, N_("Cannot Cancel")); /* Assert Control (RFC 4528 and old internet-draft) codes */ C(LDAP_ASSERTION_FAILED, N_("Assertion Failed")); C(LDAP_X_ASSERTION_FAILED, N_("Assertion Failed (X)")); /* Proxied Authorization Control (RFC 4370 and I-D) codes */ C(LDAP_PROXIED_AUTHORIZATION_DENIED, N_("Proxied Authorization Denied")); C(LDAP_X_PROXY_AUTHZ_FAILURE, N_("Proxy Authorization Failure (X)")); /* Content Sync Operation (RFC 4533 and I-D) codes */ C(LDAP_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required")); C(LDAP_X_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required (X)")); /* No-Op Control (draft-zeilenga-ldap-noop) code */ C(LDAP_X_NO_OPERATION, N_("No Operation (X)")); /* Client Update Protocol (RFC 3928) codes */ C(LDAP_CUP_RESOURCES_EXHAUSTED, N_("LCUP Resources Exhausted")); C(LDAP_CUP_SECURITY_VIOLATION, N_("LCUP Security Violation")); C(LDAP_CUP_INVALID_DATA, N_("LCUP Invalid Data")); C(LDAP_CUP_UNSUPPORTED_SCHEME, N_("LCUP Unsupported Scheme")); C(LDAP_CUP_RELOAD_REQUIRED, N_("LCUP Reload Required")); #ifdef LDAP_X_TXN /* Codes related to LDAP Transactions (draft-zeilenga-ldap-txn) */ C(LDAP_X_TXN_SPECIFY_OKAY, N_("TXN specify okay")); C(LDAP_X_TXN_ID_INVALID, N_("TXN ID is invalid")); #endif /* API codes - renumbered since draft-ietf-ldapext-ldap-c-api */ C(LDAP_SERVER_DOWN, N_("Can't contact LDAP server")); C(LDAP_LOCAL_ERROR, N_("Local error")); C(LDAP_ENCODING_ERROR, N_("Encoding error")); C(LDAP_DECODING_ERROR, N_("Decoding error")); C(LDAP_TIMEOUT, N_("Timed out")); C(LDAP_AUTH_UNKNOWN, N_("Unknown authentication method")); C(LDAP_FILTER_ERROR, N_("Bad search filter")); C(LDAP_USER_CANCELLED, N_("User cancelled operation")); C(LDAP_PARAM_ERROR, N_("Bad parameter to an ldap routine")); C(LDAP_NO_MEMORY, N_("Out of memory")); C(LDAP_CONNECT_ERROR, N_("Connect error")); C(LDAP_NOT_SUPPORTED, N_("Not Supported")); C(LDAP_CONTROL_NOT_FOUND, N_("Control not found")); C(LDAP_NO_RESULTS_RETURNED, N_("No results returned")); C(LDAP_MORE_RESULTS_TO_RETURN, N_("More results to return")); C(LDAP_CLIENT_LOOP, N_("Client Loop")); C(LDAP_REFERRAL_LIMIT_EXCEEDED, N_("Referral Limit Exceeded")); # undef C default: m = (LDAP_API_ERROR(err) ? N_("Unknown API error") : LDAP_E_ERROR(err) ? N_("Unknown (extension) error") : LDAP_X_ERROR(err) ? N_("Unknown (private extension) error") : N_("Unknown error")); break; } return _(m); }
int translate_ldap_error(int err, int op) { switch (err) { case LDAP_SUCCESS: return 0; case LDAP_OPERATIONS_ERROR: /* LDAP_OPERATIONS_ERROR: Indicates an internal error. The server is * unable to respond with a more specific error and is also unable * to properly respond to a request */ case LDAP_UNAVAILABLE_CRITICAL_EXTENSION: /* LDAP server was unable to satisfy a request because one or more * critical extensions were not available */ /* This might mean that the schema was not extended ... */ case LDAP_UNDEFINED_TYPE: /* The attribute specified in the modify or add operation does not * exist in the LDAP server's schema. */ return KRB5_KDB_INTERNAL_ERROR; case LDAP_INAPPROPRIATE_MATCHING: /* The matching rule specified in the search filter does not match a * rule defined for the attribute's syntax */ return KRB5_KDB_UK_RERROR; case LDAP_CONSTRAINT_VIOLATION: /* The attribute value specified in a modify, add, or modify DN * operation violates constraints placed on the attribute */ case LDAP_TYPE_OR_VALUE_EXISTS: /* The attribute value specified in a modify or add operation * already exists as a value for that attribute */ return KRB5_KDB_UK_SERROR; case LDAP_INVALID_SYNTAX: /* The attribute value specified in an add, compare, or modify * operation is an unrecognized or invalid syntax for the attribute */ if (op == OP_ADD || op == OP_MOD) return KRB5_KDB_UK_SERROR; else /* OP_CMP */ return KRB5_KDB_UK_RERROR; /* Ensure that the following don't occur in the DAL-LDAP code. * Don't rely on the LDAP server to catch it */ case LDAP_SASL_BIND_IN_PROGRESS: /* This is not an error. So, this function should not be called */ case LDAP_COMPARE_FALSE: case LDAP_COMPARE_TRUE: /* LDAP_COMPARE_FALSE and LDAP_COMPARE_TRUE are not errors. This * function should not be invoked for them */ case LDAP_RESULTS_TOO_LARGE: /* CLDAP */ case LDAP_TIMELIMIT_EXCEEDED: case LDAP_SIZELIMIT_EXCEEDED: return KRB5_KDB_SERVER_INTERNAL_ERR; case LDAP_INVALID_DN_SYNTAX: /* The syntax of the DN is incorrect */ return EINVAL; case LDAP_PROTOCOL_ERROR: /* LDAP_PROTOCOL_ERROR: Indicates that the server has received an * invalid or malformed request from the client */ case LDAP_CONFIDENTIALITY_REQUIRED: /* Bind problems ... */ case LDAP_AUTH_METHOD_NOT_SUPPORTED: /* case LDAP_STRONG_AUTH_NOT_SUPPORTED: // Is this a bind error ? */ case LDAP_INAPPROPRIATE_AUTH: case LDAP_INVALID_CREDENTIALS: case LDAP_UNAVAILABLE: case LDAP_SERVER_DOWN: /* Solaris Kerberos */ case LDAP_CONNECT_ERROR: /* Solaris Kerberos */ return KRB5_KDB_ACCESS_ERROR; case LDAP_STRONG_AUTH_REQUIRED: if (op == OP_BIND) /* the LDAP server accepts only strong authentication. */ return KRB5_KDB_ACCESS_ERROR; else /* Client requested an operation such that requires strong authentication */ return KRB5_KDB_CONSTRAINT_VIOLATION; case LDAP_REFERRAL: return KRB5_KDB_NOENTRY; case LDAP_ADMINLIMIT_EXCEEDED: /* An LDAP server limit set by an administrative authority has been * exceeded */ return KRB5_KDB_CONSTRAINT_VIOLATION; case LDAP_UNWILLING_TO_PERFORM: /* The LDAP server cannot process the request because of * server-defined restrictions */ return KRB5_KDB_CONSTRAINT_VIOLATION; case LDAP_NO_SUCH_ATTRIBUTE: /* Indicates that the attribute specified in the modify or compare * operation does not exist in the entry */ if (op == OP_MOD) return KRB5_KDB_UK_SERROR; else /* OP_CMP */ return KRB5_KDB_TRUNCATED_RECORD; case LDAP_ALIAS_DEREF_PROBLEM: /* Either the client does not have access rights to read the aliased * object's name or dereferencing is not allowed */ #ifdef LDAP_PROXY_AUTHZ_FAILURE case LDAP_PROXY_AUTHZ_FAILURE: // Is this correct ? #endif case LDAP_INSUFFICIENT_ACCESS: /* Caller does not have sufficient rights to perform the requested * operation */ return KRB5_KDB_UNAUTH; case LDAP_LOOP_DETECT: /* Client discovered an alias or referral loop */ return KRB5_KDB_DB_CORRUPT; default: if (LDAP_NAME_ERROR (err)) return KRB5_KDB_NOENTRY; /*LINTED*/ if (LDAP_SECURITY_ERROR (err)) return KRB5_KDB_UNAUTH; /*LINTED*/ if (LDAP_SERVICE_ERROR (err) || LDAP_API_ERROR (err) || LDAP_X_ERROR (err)) return KRB5_KDB_ACCESS_ERROR; /*LINTED*/ if (LDAP_UPDATE_ERROR(err)) return KRB5_KDB_UK_SERROR; /* LDAP_OTHER */ return KRB5_KDB_SERVER_INTERNAL_ERR; } }