Sometimes the N2L server logs errors that relate to internal LDAP problems, resulting in LDAP-related error messages. Although the errors are nonfatal, they indicate problems to investigate. For example, the N2L server might continue to operate, but provide out-of-date or incomplete results.
The following list includes some of the common LDAP error messages that you might encounter when implementing the N2L service. Error descriptions, and possible causes and solutions for the errors, are included.
Administrative limit exceeded
Error Number: 11
Cause: An LDAP search was made that was larger than allowed by the directory server's nsslapd-sizelimit attribute. Only partial information will be returned.
Solution: Increase the value of the nsslapd-sizelimit attribute, or implement a VLV index for the failing search.
Invalid DN Syntax
Error Number: 34
Cause: An attempt has been made to write an LDAP entry with a DN that contains illegal characters. The N2L server attempts to escape illegal characters, such as the + symbol, that are generated in DNs.
Solution: Check the LDAP server error log to find out which illegal DNs were written, then modify the NISLDAPmapping file that generated the illegal DNs.
Object class violation
Error Number: 65
Cause: An attempt has been made to write an LDAP entry that is invalid. Generally, this error is due to missing MUST attributes that can be caused by either of the following circumstances.
Bugs in the NISLDAPmapping file that create entries with missing attributes
Attempts to add an AUXILIARY attribute to an object that does not exist
For example, if a user name has not yet been created from the passwd.byxxx map, an attempt to add auxiliary information to that user will fail.
Solution: For bugs in the NISLDAPmapping file, check what was written in the server error log to determine the nature of the problem.
Can't contact LDAP server
Error Number: 81
Cause: The ypserv file might be incorrectly configured to point to the wrong LDAP directory server. Alternatively, the directory server might not be running.
Solution:
Reconfigure the ypserv file to point to the correct LDAP directory server.
To confirm that the LDAP server is running, become superuser, or assume an equivalent role, on the directory server and type:
# pgrep -l slapd |
Timeout
Error Number: 85
Cause: An LDAP operation timed out, typically while updating a map from the DIT. The map might now contain out-of-date information.
Solution: Increase the nisLDAPxxxTimeout attributes in the ypserv configuration file.