Net::LDAP::Constant(3) User Contributed Perl Documentation Net::LDAP::Constant(3)

Net::LDAP::Constant - Constants for use with Net::LDAP

use Net::LDAP qw(LDAP_SUCCESS LDAP_PROTOCOL_ERROR);

Net::LDAP::Constant exports constants, technically: constant subroutines, for the LDAP status codes and OIDs listed in the sections below.

In addition to exporting individual constants, the following tags can be used to export groups of constants.

:all
Export all constants known to "Net::LDAP::Constant".
":codes"
Export all LDAP status codes mentioned in the section "Protocol Constants".
":controls"
Export all "LDAP_CONTROL_*" constants.
":extensions"
Export all "LDAP_EXTENSION_*" constants.
":features"
Export all "LDAP_FEATURE_*" constants.
":capabilities"
Export all "LDAP_CAP_*" constants.

Operation completed without error
Server encountered an internal error
Unrecognized version number or incorrect PDU structure
The time limit on a search operation has been exceeded
The maximum number of search results to return has been exceeded.
This code is returned when a compare request completes and the attribute value given is not in the entry specified
This code is returned when a compare request completes and the attribute value given is in the entry specified
Unrecognized SASL mechanism name
Unrecognized SASL mechanism name
The server requires authentication be performed with a SASL mechanism
Returned to version 2 clients when a referral is returned. The response will contain a list of URLs for other servers.
The server is referring the client to another server. The response will contain a list of URLs
The server has exceed the maximum number of entries to search while gathering a list of search result candidates
A control or matching rule specified in the request is not supported by the server
This result code is returned when confidentiality is required to perform a given operation
The server requires the client to send a new bind request, with the same SASL mechanism, to continue the authentication process
The request referenced an attribute that does not exist
The request contains an undefined attribute type
An extensible matching rule in the given filter does not apply to the specified attribute
The request contains a value which does not meet with certain constraints. This result can be returned as a consequence of
  • The request was to add or modify a user password, and the password fails to meet the criteria the server is configured to check. This could be that the password is too short, or a recognizable word (e.g. it matches one of the attributes in the users entry) or it matches a previous password used by the same user.
  • The request is a bind request to a user account that has been locked
The request attempted to add an attribute type or value that already exists
Some part of the request contained an invalid syntax. It could be a search with an invalid filter or a request to modify the schema and the given schema has a bad syntax.
The server cannot find an object specified in the request
Server encountered a problem while attempting to dereference an alias
The request contained an invalid DN
The specified entry is a leaf entry
Server encountered a problem while attempting to dereference an alias
The user bound is not authorized to assume the requested identity.
The server requires the client which had attempted to bind anonymously or without supplying credentials to provide some form of credentials
The wrong password was supplied or the SASL credentials could not be processed
The client does not have sufficient access to perform the requested operation
The server is too busy to perform requested operation
The server in unavailable to perform the request, or the server is shutting down
The server is unwilling to perform the requested operation
The server was unable to perform the request due to an internal loop detected
The search contained a "virtual list view" control, but not a server-side sorting control, which is required when a "virtual list view" is given.
The search contained a control for a "virtual list view" and the results exceeded the range specified by the requested offsets.
The request violates the structure of the DIT
The request specifies a change to an existing entry or the addition of a new entry that does not comply with the servers schema
The requested operation is not allowed on an entry that has child entries
The requested operation ill affect the RDN of the entry
The client attempted to add an entry that already exists. This can occur as a result of
  • An add request was submitted with a DN that already exists
  • A modify DN requested was submitted, where the requested new DN already exists
  • The request is adding an attribute to the schema and an attribute with the given OID or name already exists
Request attempt to modify the object class of an entry that should not be modified
The results of the request are to large
The requested operation needs to be performed on multiple servers where the requested operation is not permitted
A VLV error has occurred
An unknown error has occurred
"Net::LDAP" cannot establish a connection or the connection has been lost
An error occurred in "Net::LDAP"
"Net::LDAP" encountered an error while encoding the request packet that would have been sent to the server
"Net::LDAP" encountered an error while decoding a response packet from the server.
"Net::LDAP" timeout while waiting for a response from the server
The method of authentication requested in a bind request is unknown to the server
An error occurred while encoding the given search filter.
The user canceled the operation
An invalid parameter was specified
Out of memory error
A connection to the server could not be established
An attempt has been made to use a feature not supported by Net::LDAP
The controls required to perform the requested operation were not found.
No results were returned from the server.
There are more results in the chain of results.
A loop has been detected. For example when following referrals.
The referral hop limit has been exceeded.
Operation was canceled
Server has no knowledge of the operation requested for cancellation
Too late to cancel the outstanding operation
The identified operation does not support cancellation or the cancel operation cannot be performed
An assertion control given in the LDAP operation evaluated to false causing the operation to not be performed.
Refresh Required.

Control OIDs identify LDAP Controls.

By announcing the respective OIDs in the operational attribute "supportedControls" of the Root DSE an LDAP server indicates which LDAP Controls it supports.

See Net::LDAP::Control::Sort.
See Net::LDAP::Control::SortResult.
See Net::LDAP::Control::VLV.
See Net::LDAP::Control::VLVResponse.
See Net::LDAP::Control::ProxyAuth.
See Net::LDAP::Control::Paged.
See Net::LDAP::Control::TreeDelete.
Outdated OID mentioned in predecessors to RFC 3876. Superseded by "LDAP_CONTROL_MATCHEDVALUES".
See Net::LDAP::Control::MatchedValues.
See Net::LDAP::Control::ManageDsaIT.
See Net::LDAP::Control::PersistentSearch.
See Net::LDAP::Control::EntryChange.
See Net::LDAP::Control::Relax.
See Net::LDAP::Control::PasswordPolicy.
See Net::LDAP::Control::PreRead.
See Net::LDAP::Control::PostRead.
See Net::LDAP::Control::Assertion.
See Net::LDAP::Control::DontUseCopy.
See Net::LDAP::Control::NoOp.
See Net::LDAP::Control::Subentries.
See Net::LDAP::Control::SyncRequest.
See Net::LDAP::Control::SyncState.
See Net::LDAP::Control::SyncDone.

The account's password has expired.
The account is locked.
The account's password has been reset and now must be changed.
The account's password may not be modified.
The old password must also be supplied when setting a new password.
The new password was not of sufficient quality.
The new password was too short.
The previous password was changed too recently.
The new password was used too recently.

Active Directory Control OIDs

See section LDAP Extended Controls in https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-ADTS/[MS-ADTS].pdf.

Extension OIDs identify LDAP Extended operations.

By announcing the respective OIDs in the operational attribute "supportedExtension" of the Root DSE an LDAP server indicates which LDAP Extended operations it supports.

Indicates that the server is about to close the connection due to an error (RFC 4511).
Indicates if the server supports the Start TLS extension (RFC 4513). See "start_tls" in Net::LDAP.
Indicates that the server supports the Password Modify extension (RFC 3062). See Net::LDAP::Extension::SetPassword.
Indicates that the server supports the "Who am I?" extension (RFC 4532). See Net::LDAP::Extension::WhoAmI.
Indicates that the server supports the Refresh extension (RFC 2589). See Net::LDAP::Extension::Refresh.
Indicates the server supports the Cancel extension (RFC 3909). See Net::LDAP::Extension::Cancel.

Active Directory Extension OIDs

See section LDAP Extended Operations in https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-ADTS/[MS-ADTS].pdf.

Novell eDirectory Extension OIDs

Feature OIDs identify LDAP features.

By announcing the respective OIDs in the operational attribute "supportedFeature" of the Root DSE an LDAP server indicates which LDAP features it supports.

Indicates if the server allows "+" for returning all operational attributes (RFC 3673)
Indicates that the server allows "@objectclass" for returning all attributes used to represent a particular class of object (RFC 4529)
Indicates that the server supports "(&)" for the absolute True filter, and "(|)" for the absolute False filter (RFC 4526).
Indicates the server supports language tag options of the form "lang-language-tag" with attributes (RFC 3866)
Indicates that the server supports language tag range options (RFC 3866)
Indicates if the server supports the Modify Increment extension (RFC 4525). See "modify" in Net::LDAP.

The following constants are specific to Microsoft Active Directory. They serve to denote capabilities via the non-standard operational attribute "supportedCapabilities" in the Root DSE of an an LDAP server.

Indicates that the LDAP server is running Active Directory and is running as AD DS.
Indicates that the LDAP server on the DC is capable of signing and sealing on an NTLM authenticated connection, and that the server is capable of performing subsequent binds on a signed or sealed connection.
On an Active Directory DC operating as AD DS, the presence of this capability indicates that the LDAP server is running at least the Windows 2003.

On an Active Directory DC operating as AD LDS, the presence of this capability indicates that the LDAP server is running at least the Windows 2008.

Indicates that the LDAP server is running Active Directory as AD LDS.
Indicates on a DC operating as AD LDS, that the DC accepts DIGEST-MD5 binds for AD LDS security principals.
Indicates that the Active Directory DC operating as AD DS, is an RODC.
Indicates that the LDAP server is running at least the Windows 2008.
Indicates that the LDAP server is running at least the Windows 2008 R2.
Indicates that the LDAP server is running at least the Windows 2012.

Net::LDAP, Net::LDAP::Message

Graham Barr <gbarr@pobox.com>

Please report any bugs, or post any suggestions, to the perl-ldap mailing list <perl-ldap@perl.org>

Copyright (c) 1998-2009 Graham Barr. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

2024-09-01 perl v5.40.0