SAND CDBMS Error Messages Guide
LDAP Error Messages

 

The error messages described in this section can be returned by the LDAP server when LDAP authentication is enabled.


Server Messages

ERROR: Failed to establish connection with username <'username'>: Invalid Credentials.
The LDAP user name or password (or both) is invalid, or the LDAPDNFORMAT string is badly formed.

ERROR: Failed to establish connection with username <'username'>: Unwilling To Perform.
The LDAP user's specified role has no corresponding authorization name in the SAND database.

This error can also appear if a user name with no password was received by the LDAP server. LDAP does not allow an empty password.

ERROR: Failed to load LDAP library: '<library>'.
The LDAP library file could not be found, or the file could not be opened. Verify that the LDAP library file exists, and that it is in the path specified by the LDAPPATH parameter.

ERROR: Failed to set connection information.
There was an error while attempting to connect to the LDAP server. Make sure the LDAP host name and port number (LDAPHOST) are correct, and that the LDAP server is actually running.

ERROR: Invalid LDAPMode value: <value>
A value other than LOGIN or OPEN is specified for the LDAPMODE parameter. These two values are the only LDAP modes available.

ERROR: LDAP library does not contain the necessary functionality: '<library>'.
The LDAP library was loaded, but one or more functions required for the operation of the LDAP module were not found in the library. The specified LDAP library might be outdated or nonstandard, in which case it should be replaced.

ERROR: LDAPServiceUser value is required
The LDAPSERVICEUSER parameter is not set. Since the LDAPMODE parameter is set to OPEN, the LDAPSERVICEUSER parameter must also be defined.

ERROR: Role '<role>' does not exist in database for user '<username>'.
The role specified in the LDAP user's profile does not have a corresponding authorization name in the SAND database.

Note that this error is returned on the client side as "Role does not exist in database".

INFO: Role not found for user <'username'>.
The user was authenticated by LDAP, but the attribute specified by the LDAPROLE parameter was not found in the LDAP user's profile.


Client Messages

Authentication method is not accepted
This message is returned in either of the following situations:

No role assigned to user
The user is not a member of any of the groups in the LDAP bindings list, and no default group/role binding is defined.

Role does not exist
The user specified a role (via the ROLE or PROMPTROLE ODBC parameter) that is not in the LDAP bindings list.

Role is not specified for user
The user specified a role (via the ROLE or PROMPTROLE ODBC parameter) that is in the LDAP bindings list, but is not bound to a group with which the user is associated.

User account is disabled
The specified Active Directory user account is currently deactivated and cannot be used to log in.

User account is expired
The specified Active Directory user account has expired and cannot be used to log in.

User domain is required
The LDAPDOMAIN parameter has been set, but either the user does not have a domain or the client is running in UNIX, which does not support domains.

User domain was refused
The user's domain was not found in the LDAPDOMAIN list.

User password is expired
The password for the specified Active Directory user account has expired and must be changed before the account can be used to log in.