Secure LDAP service: Error code descriptions

This feature is available with G Suite Enterprise, Cloud Identity Premium, G Suite Enterprise for Education, and G Suite for Education.

The Secure LDAP service returns error codes when there's an issue in fulfilling the LDAP requests. These errors occur during the process of connecting an LDAP client and any subsequent LDAP queries after the connection. How and whether the LDAP clients expose error codes to end users depends on the specific LDAP client. The error codes described in this article are also displayed in audit logs.

PROTOCOL_ERROR (2)

  • Returned when a request specifies an unsupported LDAP version. The Secure LDAP service supports LDAP version 3.
  • Returned when a request specifies an unsupported action. Google supports Abandon, Bind, Extended (for StartTLS), Search, and Unbind. Unsupported actions are: Add, Compare, Del, Modify, and ModifyDn.
  • Returned when an Extended request specifies an unsupported Oid. Google only supports the Extended action for StartTLS (Oid 1.3.6.1.4.1.1466.20037) over a previously unsecured connection.

AUTH_METHOD_NOT_SUPPORTED (7)

  • Returned when a Bind request specifies an unsupported authentication method. Google supports SIMPLE, SASL PLAIN, and SASL EXTERNAL.

ADMIN_LIMIT_EXCEEDED (11)

  • Returned when the LDAP quota is exceeded

CONFIDENTIALITY_REQUIRED (13)

  • Returned when a SASL Bind request is issued over an unsecured connection
  • Returned when a Search request queries for anything other than server attributes and is issued over an unsecured connection

NO_SUCH_OBJECT (32)

  • Returned when searching for something that doesn't exist (for example, an unknown user, group, or organizational unit)
  • Returned when searching for a userid that isn't in the directory

INVALID_DN_SYNTAX (34)

INAPPROPRIATE_AUTHENTICATION (48)

  • Returned when a Bind request specifies a malformed, expired, or otherwise bad client certificate
  • Returned when a SASL PLAIN Bind request specifies malformed credentials, or does not specify credentials

INSUFFICIENT_ACCESS_RIGHTS (50)

  • Returned when the Secure LDAP service is OFF for the LDAP client
  • Returned when the customer is not licensed to use the Secure LDAP service
  • Returned when the Bind request specifies a user that is not licensed to use Secure LDAP
  • Returned when a subsequent Bind request (rebind) specifies a user that doesn't belong to an organizational unit that's enabled for authentication in the Secure LDAP configuration
  • Returned when a SIMPLE Bind request specifies no credentials (unauthenticated)

UNWILLING_TO_PERFORM (53)

  • Returned when a SIMPLE Bind request specifies no credentials (unauthenticated)

OTHER (80)

CANCELED (118)

  • Returned when an Abandon request aborts an existing LDAP operation
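
The request-shape rules listed under PROTOCOL_ERROR (2), AUTH_METHOD_NOT_SUPPORTED (7), and CONFIDENTIALITY_REQUIRED (13) can be modelled as a pre-flight check of a client's planned session. This is an added example, not Google's code: the `Request` fields, the function names, the order of the checks, and the reading that a StartTLS on an already secured connection is rejected are assumptions, and the sample session is constructed.

```python
from dataclasses import dataclass

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"
SUPPORTED_OPS = {"Abandon", "Bind", "Extended", "Search", "Unbind"}
SUPPORTED_AUTH = {"SIMPLE", "SASL PLAIN", "SASL EXTERNAL"}
PROTOCOL_ERROR, AUTH_METHOD_NOT_SUPPORTED, CONFIDENTIALITY_REQUIRED = 2, 7, 13

@dataclass
class Request:  # hypothetical description of one planned LDAP request
    op: str
    version: int = 3                 # carried by Bind
    auth: str = ""                   # Bind: authentication method
    oid: str = ""                    # Extended: request OID
    server_attrs_only: bool = False  # Search: reads only server attributes

def predict(req, secured):
    """Documented error code for this request, or None (check order assumed)."""
    if req.op not in SUPPORTED_OPS:
        return PROTOCOL_ERROR
    if req.op == "Bind":
        if req.version != 3:
            return PROTOCOL_ERROR
        if req.auth not in SUPPORTED_AUTH:
            return AUTH_METHOD_NOT_SUPPORTED
        if req.auth.startswith("SASL") and not secured:
            return CONFIDENTIALITY_REQUIRED  # page lists only SASL binds here
    if req.op == "Extended" and (req.oid != STARTTLS_OID or secured):
        return PROTOCOL_ERROR  # StartTLS only, and only on an unsecured link
    if req.op == "Search" and not secured and not req.server_attrs_only:
        return CONFIDENTIALITY_REQUIRED
    return None

def check_session(requests, secured=False):
    """Walk a planned session, tracking TLS state; return [(index, op, code)]."""
    findings = []
    for i, req in enumerate(requests):
        code = predict(req, secured)
        if code is not None:
            findings.append((i, req.op, code))
        elif req.op == "Extended":
            secured = True  # an accepted StartTLS secures the connection
    return findings

# Constructed sample session: a client that sends requests before StartTLS.
SAMPLE = [Request("Search", server_attrs_only=True), Request("Search"),
          Request("Bind", auth="SASL PLAIN"), Request("Extended", oid=STARTTLS_OID),
          Request("Bind", auth="SASL PLAIN"), Request("Modify"),
          Request("Bind", auth="SASL GSSAPI")]

print(check_session(SAMPLE))
```

Each finding is the position of a request in the planned session, its operation, and the result code the page documents for it, which can be compared against the codes that later appear in the audit logs.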