How LDAP Error Codes Map to JNDI Exceptions

The LDAP defines a set of status codes that are returned with LDAP responses sent by the LDAP server (see RFC 2251). In the JNDI, error conditions are indicated as checked exceptions that are subclasses of NamingException. See the Naming Exceptions section for an overview of the JNDI exception classes.

The LDAP service provider translates the LDAP status code it receives from the LDAP server to the appropriate subclass of NamingException . The following table shows the mapping between LDAP status codes and JNDI exceptions.

LDAP Status CodeMeaningException or Action
0SuccessReport success.
1Operations errorNamingException
2Protocol errorCommunicationException
3Time limit exceeded.TimeLimitExceededException
4Size limit exceeded.SizeLimitExceededException
5Compared false.Used by Does not generate an exception.
6Compared true.Used by Does not generate an exception.
7Authentication method not supported.AuthenticationNotSupportedException
8Strong authentication required.AuthenticationNotSupportedException
9Partial results being returned.If the environment property "java\.naming\.referral" is set to "ignore" or the contents of the error do not contain a referral, throw a PartialResultException. Otherwise, use contents to build a referral.
10Referral encountered.If the environment property "java\.naming\.referral" is set to "ignore" , then ignore. If the property is set to "throw" , throw ReferralException. If the property is set to "follow" , then the LDAP provider processes the referral. If the "java\.naming\.ldap\.referral\.limit" property has been exceeded, throw LimitExceededException.
11Administrative limit exceeded.LimitExceededException
12Unavailable critical extension requested.OperationNotSupportedException
13Confidentiality required.AuthenticationNotSupportedException
14SASL bind in progress.Used internally by the LDAP provider during authentication.
16No such attribute exists.NoSuchAttributeException
17An undefined attribute type.InvalidAttributeIdentifierException
18Inappropriate matchingInvalidSearchFilterException
19A constraint violation.InvalidAttributeValueException
20An attribute or value already in use.AttributeInUseException
21An invalid attribute syntax.InvalidAttributeValueException
32No such object exists.NameNotFoundException
33Alias problemNamingException
34An invalid DN syntax.InvalidNameException
35Is a leaf.Used by the LDAP provider; usually doesn't generate an exception.
36Alias dereferencing problemNamingException
48Inappropriate authenticationAuthenticationNotSupportedException
49Invalid credentialsAuthenticationException
50Insufficient access rightsNoPermissionException
53Unwilling to performOperationNotSupportedException
54Loop detected.NamingException
64Naming violationInvalidNameException
65Object class violationSchemaViolationException
66Not allowed on non-leaf.ContextNotEmptyException
67Not allowed on RDN.SchemaViolationException
68Entry already exists.NameAlreadyBoundException
69Object class modifications prohibited.SchemaViolationException
71Affects multiple DSAs.NamingException