What does LDAP result code 49 mean?

Result code 49 is invalidCredentials. It means the bind DN or password was wrong, or the account is locked, disabled or expired. Active Directory often appends a sub-code (like 52e for bad password or 533 for a disabled account) in the diagnostic message.

Is result code 0 an error?

No. Code 0 is success, meaning the operation completed normally. Several other non-error codes also exist, such as 5 (compareFalse), 6 (compareTrue) and 14 (saslBindInProgress), which appear in normal protocol flows rather than failure paths.

What is the difference between code 32 and code 34?

Code 32 is noSuchObject, meaning the target entry DN does not exist in the directory. Code 34 is invalidDNSyntax, meaning the DN string itself is malformed and could not even be parsed. One is a missing entry, the other is a bad name.

Which RFC defines LDAP result codes?

The core set is defined in RFC 4511, the LDAPv3 protocol specification, in section 4.1.9 and Appendix A. The Cancel operation adds codes 118 through 121 in RFC 3909. Vendor extensions may add others outside the standard range.

Does this reference send my queries anywhere?

No. The entire result-code table, search and filtering run locally in your browser with no network calls and no account. Nothing you type is uploaded.

LDAP Result Codes Reference

The LDAP Result Codes Reference is a fast, searchable lookup for the numeric result codes returned by every LDAP operation. When a bind, search, add, modify or delete completes, the server returns an LDAPResult whose resultCode field tells you exactly what happened — and the difference between code 32 and code 49 is the difference between a missing entry and a wrong password.

How it works

Every LDAP response carries an integer result code defined by RFC 4511 (the LDAPv3 protocol) in section 4.1.9 and Appendix A. Codes are not strictly grouped by range, but they fall into three practical categories: success (such as 0 success, 5 compareFalse, 6 compareTrue, 14 saslBindInProgress), referral (10 referral, which redirects the client to another server), and error (everything else). This tool stores the full table locally and filters it as you type — match on the number, the camelCase name, or any word in the description.

Common codes worth memorizing

0 success — the operation worked.
32 noSuchObject — the target DN does not exist.
49 invalidCredentials — wrong DN/password or a locked account.
50 insufficientAccessRights — authenticated but not authorized.
53 unwillingToPerform — the server refuses on policy grounds.
65 objectClassViolation — the entry breaks its schema.
68 entryAlreadyExists — an add collided with an existing entry.

Notes

Active Directory frequently returns code 49 for many distinct failures and encodes the real reason in the diagnostic message as a hex sub-code — for example 52e (bad password), 525 (user not found), 530 (logon time restriction), 532 (password expired) and 533 (account disabled). Always read the diagnostic string, not just the numeric code. Codes such as 9, 15, 35 and several ranges are unused or reserved and should never appear in a conformant response.

LDAP Result Codes Reference

Email me this result

How it works

Common codes worth memorizing

Notes