Overview#

LDAP_CONSTRAINT_VIOLATION, which is LDAP Result Code 19, implies there is a constraint on the operation that is being attempted.

Unfortunately, few LDAP Server Implementations provide meaningful information on why the LDAP_CONSTRAINT_VIOLATION was applied.

Microsoft Active Directory#

A typical error might shows as:

 Message:  <ldap-err ldap-rc="19" ldap-rc-name="LDAP_CONSTRAINT_VIOLATION">
        <client-err ldap-rc="19" ldap-rc-name="LDAP_CONSTRAINT_VIOLATION">Constraint Violation</client-err>
        <server-err>00002081: AtrErr: DSID-031513A5, #1:
        0: 00002081: DSID-031513A5, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 3 (cn)

Where the "CONSTRAINT_ATT_TYPE" and "(cn)" imply there is a constraint an the value or values that are attempting to be set for cn

More Information#

There might be more information for this subject on one of the following:

• Draft-behera-ldap-password-policy
• LDAP Modify-Increment Extension
• LDAP Result Codes
• LDAP To JNDI Result Code Mappings
• PasswordInHistory
• PasswordPolicyResponse
• PasswordTooShort
• PasswordTooYoung