Working With Oracle® Solaris 11.2 Directory and Naming Services: LDAP

Updated: July 2014
 
 

Common LDAP Error Messages

Sometimes the N2L server logs errors that relate to internal LDAP problems, resulting in LDAP-related error messages. Although the errors are nonfatal, they indicate problems to investigate. For example, the N2L server might continue to operate but provide out-of-date or incomplete results.

This section describes some of the common LDAP error messages that you might encounter when implementing the N2L service. Error descriptions and possible causes and solutions for the errors are included.

Administrative limit exceeded

Error Number: 11

Cause: An LDAP search matched more entries than the directory server's nsslapd-sizelimit attribute allows. Only partial information will be returned.

Solution: Increase the value of the nsslapd-sizelimit attribute, or implement a VLV index for the failing search.

Invalid DN Syntax

Error Number: 34

Cause: An attempt has been made to write an LDAP entry with a DN that contains illegal characters. The N2L server attempts to escape illegal characters, such as the + symbol, that are generated in DNs.

Solution: Check the LDAP server error log to find out which illegal DNs were written, then modify the NISLDAPmapping file that generated the illegal DNs.
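The kind of DN described in the Cause above can be checked offline before the mapping is changed. The following is an added example, not Oracle's or the N2L server's code: it applies the RFC 4514 escaping rules to a single value and lists the components of a DN that are not well-formed type=value pairs. The function names and the sample DNs are constructed for illustration.

```python
# Added illustration; helper names are hypothetical, rules follow RFC 4514.
import re

SPECIALS = '"+,;<>\\'   # must be escaped anywhere in a value
ATTR_TYPE = re.compile(r'(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\Z')

def escape_rdn_value(value):
    """Escape one attribute value for use inside a DN."""
    out = []
    for i, ch in enumerate(value):
        if (ch in SPECIALS or (i == 0 and ch in '# ')
                or (ch == ' ' and i == len(value) - 1)):
            out.append('\\' + ch)
        else:
            out.append('\\00' if ch == '\0' else ch)
    return ''.join(out)

def split_unescaped(text, sep):
    """Split on sep, skipping separators that follow a backslash."""
    parts, cur, i = [], '', 0
    while i < len(text):
        if text[i] == '\\' and i + 1 < len(text):
            cur += text[i:i + 2]          # keep the escape pair intact
            i += 2
            continue
        if text[i] == sep:
            parts.append(cur)
            cur = ''
        else:
            cur += text[i]
        i += 1
    parts.append(cur)
    return parts

def dn_problems(dn):
    """Return the type=value components of dn that are malformed."""
    bad = []
    for rdn in split_unescaped(dn, ','):
        for ava in split_unescaped(rdn, '+'):
            attr, eq, value = ava.partition('=')
            bare = re.sub(r'\\.', '', value, flags=re.S)  # drop escape pairs
            if (not eq or not ATTR_TYPE.match(attr.strip())
                    or any(c in bare for c in '";<>\\')):
                bad.append(ava)
    return bad

# Constructed sample: a NIS key containing '+' written unescaped, then escaped.
raw = 'cn=wheel+ops,ou=group,dc=example,dc=com'
fixed = 'cn=' + escape_rdn_value('wheel+ops') + ',ou=group,dc=example,dc=com'
print(dn_problems(raw), dn_problems(fixed))
```

An unescaped + is read as the separator of a multi-valued RDN, so the text after it is reported as a component with no attribute type.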

Object class violation

Error Number: 65

Cause: An attempt has been made to write an LDAP entry that is invalid. Generally, this error is due to missing MUST attributes that can be caused by either of the following circumstances:

  • Bugs in the NISLDAPmapping file that create entries with missing attributes

  • Attempts to add an AUXILIARY attribute to an object that does not exist

    For example, if a user name has not yet been created from the passwd.byxxx map, an attempt to add auxiliary information to that user will fail.

Solution: For bugs in the NISLDAPmapping file, check what was written in the server error log to determine the nature of the problem.

Can't contact LDAP server

Error Number: 81

Cause: The ypserv file might be incorrectly configured to point to the wrong LDAP directory server. Alternatively, the directory server might not be running.

Solution: Reconfigure and confirm.

  • Reconfigure the ypserv file to point to the correct LDAP directory server.

  • To confirm that the LDAP server is running, type:

    % ping hostname 5 | grep "no answer" || \
             (ldapsearch -h hostname -s base -b ""  \
             "objectclass=*" >/dev/null && echo Directory accessible)

    If the server is unavailable, this message is displayed: no answer from hostname. If there are problems with the LDAP server, this message is displayed: ldap_search: Can't connect to the LDAP server - Connection refused. Finally, if everything is working, the following message is displayed: Directory accessible.

Timeout

Error Number: 85

Cause: An LDAP operation timed out, typically while updating a map from the DIT. The map might now contain out-of-date information.

Solution: Increase the nisLDAPxxxTimeout attributes in the ypserv configuration file.