Explanation | The syntax for defining a base entry is <baseEntry name="..." baseDN="...."/>. |
Action | Fix the base entry definition in the server.xml file. |
Explanation | The syntax or structure of this filter is: LDAP attribute=$[Client certificate attribute] (for example, uid=$[SubjectCN]). The left side of the filter specification is an LDAP attribute that depends on the schema that your LDAP server is configured to use. The right side of the filter specification is one of the public attributes in your client certificate. The right side must begin with a dollar sign ($) and an open brace ({ or [) and end with a close brace (} or ]). You can use the following certificate attribute values on the right side of the filter specification. The strings are case sensitive: $[UniqueKey], $[PublicKey], $[Issuer], $[NotAfter], $[NotBefore], $[SerialNumber], $[SigAlgName], $[SigAlgOID], $[SigAlgParams], $[SubjectCN], $[Version]. |
Action | Ensure that the certificate filter follows the documented syntax. |
Explanation | The Distinguished Name (DN) field specified in the certificate filter is unknown. |
Action | Ensure that the certificate filter is correct. For more information, see the certification configuration documentation. |
Explanation | The specified initialization property is mandatory. The user registry operation cannot start without it. |
Action | Ensure this property is specified in the server.xml file. Ensure this property is not empty or null. |
Explanation | The TBSCertificate certificate attribute cannot be used in the filter specification. You can use the following certificate attribute values on the right side of the filter specification. The strings are case sensitive: ${UniqueKey}, ${PublicKey}, ${Issuer}, ${NotAfter}, ${NotBefore}, ${SerialNumber}, ${SigAlgName}, ${SigAlgOID}, ${SigAlgParams}, ${SubjectCN}, ${Version}. |
Action | Ensure that the certificate filter is correct. |
Explanation | You can use only the following certificate attribute values on the right side of the filter specification. The strings are case sensitive: ${UniqueKey}, ${PublicKey}, ${Issuer}, ${NotAfter}, ${NotBefore}, ${SerialNumber}, ${SigAlgName}, ${SigAlgOID}, ${SigAlgParams}, ${SubjectCN}, ${Version}. |
Action | Ensure that the certificate filter is correct. |
Explanation | The specified property is not defined. |
Action | Ensure that the property is defined or use the correct property name. |
Explanation | The value of the property is not valid. For example, an identifier type property points to an incorrect entry. |
Action | Ensure that the value of the property is correct and is of the correct data type. If you are trying to retrieve an identifier type property along with other properties, split the request into two calls: one call to retrieve the non-identifier type properties and another call to retrieve the identifier type property. |
Explanation | Searching on principalName together with other properties in a search expression is not supported. |
Action | Do not use principalName in search operations along with other properties. |
Explanation | The operation cannot be performed because the value of the mandatory property is missing. For example, the RDN (Relative Distinguished Name) property is not specified when the entity is created; or propertyName or entityTypeName is missing from PropertyDefinitionControl or ExtensionPropertyDefinitionControl; or entityName is missing from the entitySchema. |
Action | Provide a value for the mandatory property. |
Explanation | The program encountered a system exception while performing the user registry operation. |
Action | Review the logs for the cause of this error and take appropriate corrective actions. |
Explanation | The program encountered the specified error during the operation. |
Action | Review the logs for the cause of this error and take appropriate corrective actions. |
Explanation | The specified entity name, which could be a uniqueName or a uniqueId, could not be found in the underlying repository. The user registry operation cannot continue without finding this entity. |
Action | Ensure that the entity exists in the underlying repository. If the entity exists, then verify that the read permission is set for the entity and try again. |
Explanation | The specified user is trying to clear the entire cache of the specified repository by using the clearAll mode. |
Action | This message is logged for audit purposes. |
Explanation | The specified clear cache mode is not supported for this repository. |
Action | Specify a clear cache mode that is supported for the specified repository. |
Explanation | The specified clear cache mode is invalid for this repository. |
Action | Specify the correct clear cache mode. The cache will not be cleared for the specified repository unless a valid clear cache mode is provided. |
Explanation | The value of the property, level, was specified as a negative number. |
Action | The value of the property, level, must be either 0 or a positive integer. Change the value of the property level and then try again. |
Explanation | The specified distinguished name (DN) is not valid. The user registry operation cannot continue without a valid DN. |
Action | Ensure that the syntax of the distinguished name is correct. For example, review for escape characters. |
Explanation | The message indicates that a general naming exception has occurred during an LDAP operation. See the exception for additional details. |
Action | Ensure that the related repository (for example, a database or an LDAP server) is started and set up correctly. |
Explanation | The data type specified does not match the data type that is defined for the property. For example, the data type defined in the configured user registry is a binary, but the data type defined in the back-end repository is a string. |
Action | Ensure that the data type of the property is the same both in the configured user registry and in the back-end repository. |
Explanation | The group related operations, such as assigning members to a group or getting the members of a group, are only applicable to the Group entity type. An exception is thrown if the specified entity is not of a Group type. |
Action | Ensure that the specified entity type is of Group type. For the LDAP adapter, ensure that the object class that is defined for the Group entity type matches the actual object class of the group. |
Explanation | The LDAP entry for the specified entity is not found on the LDAP server. |
Action | Ensure that the unique name of the entity is correctly specified. Ensure that the node mapping of the LDAP repository is correctly defined. |
Explanation | The LDAP attribute used as the external identifier must be unique and cannot contain multiple values. |
Action | Ensure that the correct attribute is chosen for the external identifier. If no appropriate attribute exists, the distinguished name can be used as the external identifier. |
Explanation | The specified principal name cannot be authenticated because the password verification failed. |
Action | Ensure that both the principal name and the password are specified correctly. Ensure that the account is not locked and that the account is enabled. |
Explanation | The entity type defined in the server.xml file must be unique. |
Action | Edit the server.xml file to remove the duplicate entity type. |
Explanation | The initial context pool size should be less than the maximum context pool size. |
Action | Ensure that the initial context pool size is less than the maximum context pool size or set the maximum context pool size to 0. |
Explanation | The preferred context pool size should be less than the maximum context pool size. |
Action | Ensure that the preferred context pool size is less than the maximum context pool size or set the maximum context pool size to 0. |
Explanation | If the principal name is specified during login, the password cannot be null or empty. |
Action | Specify the password. |
Explanation | The LDAP attribute used as the external identifier must contain a value for each entity. |
Action | Ensure that the correct attribute is chosen for the external identifier. If no appropriate attribute exists, the distinguished name can be used as the external identifier. |
Explanation | If a repository supports change tracking as specified by the 'supportChangeLog' flag for the repository in the server.xml file, then the checkpoint passed for it in the ChangeControl should not be empty or null. |
Action | Try the search again with a valid checkpoint or disable 'supportChangeLog' for that repository in the server.xml file, if the user registry adapter is not capable of change tracking. |
Explanation | Cannot connect to the primary LDAP server. Connection to the failover server will occur if configured in the server.xml file. See the failover documentation for more information. |
Action | Ensure that the specified LDAP server is up and running. |
Explanation | The user registry is now connected to the specified LDAP Server. |
Action | No user action required. |
Explanation | The specified attribute must be defined. |
Action | Specify the value for the missing attribute. |
Explanation | The SSL configuration alias, host, or port provided in the SSL-LDAP configuration is incorrect. |
Action | Provide the correct SSL configuration information needed to connect to the SSL-enabled LDAP server. |
Explanation | The following LDAP server types are supported: Netscape Directory Server, IBM Lotus Domino, IBM SecureWay Directory Server, Microsoft Active Directory, Sun Java System Directory Server, IBM Tivoli Directory Server, Novell eDirectory, Custom. |
Action | Specify a supported LDAP server type. |
Explanation | If the sslEnabled attribute is set to true, you must also enable the SSL feature. |
Action | Either set the sslEnabled attribute to false, or enable the SSL feature. |
Explanation | The syntax for defining a failover server is <server host="..." port="..." />. |
Action | Fix the failover server definition in the configuration. |
Explanation | The server may be down or the port may be wrong. |
Action | Verify the server is up and the port number is correct. |
Explanation | The bindDN and bindPassword are incorrect or the port may be wrong. |
Action | Check that the configured bindDN and bindPassword are correct for the configured LDAP server. |
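
The certificate filter rules from the entries above (LDAP attribute=$[Certificate attribute], the case-sensitive attribute list, and the TBSCertificate restriction) can be checked before a server.xml change is deployed. The following is an added example, not part of the product or its documentation: the function name check_certificate_filter is hypothetical, the sample filters are constructed, and requiring the closing brace to match the opening one is an assumption of this example.

```python
import re

# Certificate attribute names the page lists as valid (case sensitive).
ALLOWED = {"UniqueKey", "PublicKey", "Issuer", "NotAfter", "NotBefore",
           "SerialNumber", "SigAlgName", "SigAlgOID", "SigAlgParams",
           "SubjectCN", "Version"}

# A reference is "$", an opening brace ({ or [), a name, and a closing brace.
REF = re.compile(r"\$([\[{])([^\]}\[{$]*)([\]}])")
CLOSER = {"[": "]", "{": "}"}


def check_certificate_filter(spec):
    """Return a list of problems in a certificate filter; empty if none (hypothetical helper)."""
    problems = []
    left, sep, _ = spec.partition("=")
    if not sep or not left.strip():
        problems.append("missing 'LDAP attribute=' on the left side")
    refs = list(REF.finditer(spec))
    if not refs:
        problems.append("no $[...] or ${...} certificate attribute reference")
    for m in refs:
        opener, name, closer = m.groups()
        if CLOSER[opener] != closer:
            # Assumption of this example: braces must pair up.
            problems.append(f"mismatched braces in {m.group(0)!r}")
        if name == "TBSCertificate":
            problems.append("TBSCertificate cannot be used in a filter")
        elif name not in ALLOWED:
            # Names are case sensitive, so point out a near miss.
            hint = next((a for a in ALLOWED if a.lower() == name.lower()), None)
            extra = f" (case matters: did you mean {hint!r}?)" if hint else ""
            problems.append(f"unknown certificate attribute {name!r}{extra}")
    # Any "$" that does not start a well-formed reference is an error.
    if spec.count("$") != len(refs):
        problems.append("'$' not followed by a braced attribute name")
    return problems


if __name__ == "__main__":
    # Constructed sample filters.
    for sample in ("uid=$[SubjectCN]", "uid=${subjectcn}",
                   "cn=${TBSCertificate}", "uid=$SubjectCN"):
        print(sample, "->", check_certificate_filter(sample) or "ok")
```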