LDAP Result Code Reference

Whenever an LDAP directory server completes processing for an operation, it sends a response message back to the client with information about that operation. This response can help the client understand whether the operation succeeded or failed, but it may also provide additional information with more specific details about the nature of that success or failure. That response message includes a numeric result code, which is a basic indication of whether the operation succeeded, and to help categorize the reason for the failure.

Although each result code has a name in addition to its numeric value, it’s not always clear when a given result code might be used and what the potential causes might be. This reference tries to address that. It presents information collected from a number of different specifications, especially RFC 4511 (the core LDAPv3 protocol reference) and draft-just-ldapv3-rescodes (an IETF draft that served as an earlier version of a result code reference), along with information gleaned from years of experience working with LDAP.

Table of LDAP Result Codes

The links above provide information about LDAP responses and result codes organized into logical sections. But if you’re looking for a specific result code, the following table can take you directly to the discussion of that code.

Result Code Name Numeric Value
success 0
operationsError 1
protocolError 2
timeLimitExceeded 3
sizeLimitExceeded 4
compareFalse 5
compareTrue 6
authMethodNotSupported 7
strongerAuthRequired 8
referral 10
adminLimitExceeded 11
unavailableCriticalExtension 12
confidentialityRequired 13
saslBindInProgress 14
noSuchAttribute 16
undefinedAttributeType 17
inappropriateMatching 18
constraintViolation 19
attributeOrValueExists 20
invalidAttributeSyntax 21
noSuchObject 32
aliasProblem 33
invalidDNSyntax 34
isLeaf 35
aliasDereferencingProblem 36
inappropriateAuthentication 48
invalidCredentials 49
insufficientAccessRights 50
busy 51
unavailable 52
unwillingToPerform 53
loopDetect 54
sortControlMissing 60
offsetRangeError 61
namingViolation 64
objectClassViolation 65
notAllowedOnNonLeaf 66
notAllowedOnRDN 67
entryAlreadyExists 68
objectClassModsProhibited 69
resultsTooLarge 70
affectsMultipleDSAs 71
virtualListViewError or controlError 76
other 80
serverDown 81
localError 82
encodingError 83
decodingError 84
timeout 85
authUnknown 86
filterError 87
userCanceled 88
paramError 89
noMemory 90
connectError 91
notSupported 92
controlNotFound 93
noResultsReturned 94
moreResultsToReturn 95
clientLoop 96
referralLimitExceeded 97
invalidResponse 100
ambiguousResponse 101
tlsNotSupported 112
intermediateResponse 113
unknownType 114
canceled 118
noSuchOperation 119
tooLate 120
cannotCancel 121
assertionFailed 122
authorizationDenied 123
e-syncRefreshRequired 4096
noOperation 16654
Next: The Elements of an LDAP Operation Response Message