-rw-r--r--NEWS3
-rw-r--r--doc/errorref.txt30
-rw-r--r--doc/ldap2gpgerr.c184
-rw-r--r--src/err-codes.h.in105
4 files changed, 320 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index eb50b02..c834a16 100644
--- a/NEWS
+++ b/NEWS
@@ -1,8 +1,11 @@
Noteworthy changes in version 1.19 (unreleased) [C/A/R]
-----------------------------------------------
+ * New set of error codes for use with LDAP.
+
* Interface changes relative to the 1.18 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ GPG_ERR_LDAP_* NEW.
Noteworthy changes in version 1.18 (2015-01-26) [C14/A14/R0]
diff --git a/doc/errorref.txt b/doc/errorref.txt
index 7e6da8d..0393f16 100644
--- a/doc/errorref.txt
+++ b/doc/errorref.txt
@@ -755,3 +755,33 @@ GPG_ERR_INV_LOCK_OBJ Invalid lock object
GPGRT: - The provided lock object is not valid. This indicates an
internal problem in libgpg-error or more likely a
programming error.
+
+
+
+
+GPG_ERR_LDAP_GENERAL LDAP General error
+
+ Catch all error for LDAP. Use if if can't map an erro rocde to an
+ gpg-error code.
+
+GPG_ERR_LDAP_ATTR_GENERAL LDAP General attribute error
+GPG_ERR_LDAP_NAME_GENERAL LDAP General name error
+GPG_ERR_LDAP_SECURITY_GENERAL LDAP General security error
+GPG_ERR_LDAP_SERVICE_GENERAL LDAP General service error
+GPG_ERR_LDAP_UPDATE_GENERAL LDAP General update error
+GPG_ERR_LDAP_E_GENERAL LDAP Experimental error code
+GPG_ERR_LDAP_X_GENERAL LDAP Private error code
+GPG_ERR_LDAP_OTHER_GENERAL LDAP Other general error
+
+ All above may be used to map ranges of LDAP errors to one specific
+ code. OpenLDAP uses LDAP_xxx_RANGE(n) macros for tha mapping.
+ "Other general error" may be used similar to "General error" for
+ mapping of ranges. Here are macros from OpenLDAP for reference
+
+ #define LDAP_ATTR_ERROR(n) LDAP_RANGE((n),0x10,0x15) /* 16-21 */
+ #define LDAP_NAME_ERROR(n) LDAP_RANGE((n),0x20,0x24) /* 32-34,36 */
+ #define LDAP_SECURITY_ERROR(n) LDAP_RANGE((n),0x2F,0x32) /* 47-50 */
+ #define LDAP_SERVICE_ERROR(n) LDAP_RANGE((n),0x33,0x36) /* 51-54 */
+ #define LDAP_UPDATE_ERROR(n) LDAP_RANGE((n),0x40,0x47) /* 64-69,71 */
+ #define LDAP_E_ERROR(n) LDAP_RANGE((n),0x1000,0x3FFF)
+ #define LDAP_X_ERROR(n) LDAP_RANGE((n),0x4000,0xFFFF)
diff --git a/doc/ldap2gpgerr.c b/doc/ldap2gpgerr.c
new file mode 100644
index 0000000..515bf40
--- /dev/null
+++ b/doc/ldap2gpgerr.c
@@ -0,0 +1,184 @@
+/* ldap2gpgerr.c - Mapping of LDAP error codes to gpg-error codes.
+ * Written in 2015 by Werner Koch <[email protected]>
+ *
+ * To the extent possible under law, the author(s) have dedicated all
+ * copyright and related and neighboring rights to this software to
+ * the public domain worldwide. This software is distributed without
+ * any warranty.
+ *
+ * You should have received a copy of the CC0 Public Domain Dedication
+ * along with this software. If not, see
+ * <http://creativecommons.org/publicdomain/zero/1.0/>.
+ */
+
+/*
+ * These functions are not part of libgpg-error so not to introduce a
+ * dependency on a specific LDAP implementation. Feel free to copy
+ * and distribute them with your code.
+ */
+
+#ifdef _WIN32
+# include <winsock2.h>
+# include <winldap.h>
+#else
+# include <ldap.h>
+#endif
+#include <gpg-error.h>
+
+
+/* Windows uses a few other names. Re-map them. */
+#ifdef _WIN32
+# define LDAP_ADMINLIMIT_EXCEEDED LDAP_ADMIN_LIMIT_EXCEEDED
+# define LDAP_UNAVAILABLE_CRITICAL_EXTENSION LDAP_UNAVAILABLE_CRIT_EXTENSION
+# define LDAP_TYPE_OR_VALUE_EXISTS LDAP_ATTRIBUTE_OR_VALUE_EXISTS
+# define LDAP_INSUFFICIENT_ACCESS LDAP_INSUFFICIENT_RIGHTS
+# define LDAP_VLV_ERROR LDAP_VIRTUAL_LIST_VIEW_ERROR
+#endif
+
+
+/* Map LDAP error CODE to an gpg_err_code_t. */
+gpg_err_code_t
+map_ldap_to_gpg_error (int code)
+{
+ gpg_err_code_t ec;
+
+ switch (code)
+ {
+#ifdef LDAP_X_CONNECTING
+ case LDAP_X_CONNECTING: ec = GPG_ERR_LDAP_X_CONNECTING; break;
+#endif
+
+ case LDAP_REFERRAL_LIMIT_EXCEEDED: ec = GPG_ERR_LDAP_REFERRAL_LIMIT; break;
+ case LDAP_CLIENT_LOOP: ec = GPG_ERR_LDAP_CLIENT_LOOP; break;
+ case LDAP_NO_RESULTS_RETURNED: ec = GPG_ERR_LDAP_NO_RESULTS; break;
+ case LDAP_CONTROL_NOT_FOUND: ec = GPG_ERR_LDAP_CONTROL_NOT_FOUND; break;
+ case LDAP_NOT_SUPPORTED: ec = GPG_ERR_LDAP_NOT_SUPPORTED; break;
+ case LDAP_CONNECT_ERROR: ec = GPG_ERR_LDAP_CONNECT; break;
+ case LDAP_NO_MEMORY: ec = GPG_ERR_LDAP_NO_MEMORY; break;
+ case LDAP_PARAM_ERROR: ec = GPG_ERR_LDAP_PARAM; break;
+ case LDAP_USER_CANCELLED: ec = GPG_ERR_LDAP_USER_CANCELLED; break;
+ case LDAP_FILTER_ERROR: ec = GPG_ERR_LDAP_FILTER; break;
+ case LDAP_AUTH_UNKNOWN: ec = GPG_ERR_LDAP_AUTH_UNKNOWN; break;
+ case LDAP_TIMEOUT: ec = GPG_ERR_LDAP_TIMEOUT; break;
+ case LDAP_DECODING_ERROR: ec = GPG_ERR_LDAP_DECODING; break;
+ case LDAP_ENCODING_ERROR: ec = GPG_ERR_LDAP_ENCODING; break;
+ case LDAP_LOCAL_ERROR: ec = GPG_ERR_LDAP_LOCAL; break;
+ case LDAP_SERVER_DOWN: ec = GPG_ERR_LDAP_SERVER_DOWN; break;
+
+ case LDAP_SUCCESS: ec = GPG_ERR_LDAP_SUCCESS; break;
+
+ case LDAP_OPERATIONS_ERROR: ec = GPG_ERR_LDAP_OPERATIONS; break;
+ case LDAP_PROTOCOL_ERROR: ec = GPG_ERR_LDAP_PROTOCOL; break;
+ case LDAP_TIMELIMIT_EXCEEDED: ec = GPG_ERR_LDAP_TIMELIMIT; break;
+ case LDAP_SIZELIMIT_EXCEEDED: ec = GPG_ERR_LDAP_SIZELIMIT; break;
+ case LDAP_COMPARE_FALSE: ec = GPG_ERR_LDAP_COMPARE_FALSE; break;
+ case LDAP_COMPARE_TRUE: ec = GPG_ERR_LDAP_COMPARE_TRUE; break;
+ case LDAP_AUTH_METHOD_NOT_SUPPORTED: ec=GPG_ERR_LDAP_UNSUPPORTED_AUTH;break;
+ case LDAP_STRONG_AUTH_REQUIRED: ec = GPG_ERR_LDAP_STRONG_AUTH_RQRD; break;
+ case LDAP_PARTIAL_RESULTS: ec = GPG_ERR_LDAP_PARTIAL_RESULTS; break;
+ case LDAP_REFERRAL: ec = GPG_ERR_LDAP_REFERRAL; break;
+
+#ifdef LDAP_ADMINLIMIT_EXCEEDED
+ case LDAP_ADMINLIMIT_EXCEEDED: ec = GPG_ERR_LDAP_ADMINLIMIT; break;
+#endif
+
+#ifdef LDAP_UNAVAILABLE_CRITICAL_EXTENSION
+ case LDAP_UNAVAILABLE_CRITICAL_EXTENSION:
+ ec = GPG_ERR_LDAP_UNAVAIL_CRIT_EXTN; break;
+#endif
+
+ case LDAP_CONFIDENTIALITY_REQUIRED: ec = GPG_ERR_LDAP_CONFIDENT_RQRD; break;
+ case LDAP_SASL_BIND_IN_PROGRESS: ec = GPG_ERR_LDAP_SASL_BIND_INPROG; break;
+ case LDAP_NO_SUCH_ATTRIBUTE: ec = GPG_ERR_LDAP_NO_SUCH_ATTRIBUTE; break;
+ case LDAP_UNDEFINED_TYPE: ec = GPG_ERR_LDAP_UNDEFINED_TYPE; break;
+ case LDAP_INAPPROPRIATE_MATCHING: ec = GPG_ERR_LDAP_BAD_MATCHING; break;
+ case LDAP_CONSTRAINT_VIOLATION: ec = GPG_ERR_LDAP_CONST_VIOLATION; break;
+
+#ifdef LDAP_TYPE_OR_VALUE_EXISTS
+ case LDAP_TYPE_OR_VALUE_EXISTS: ec = GPG_ERR_LDAP_TYPE_VALUE_EXISTS; break;
+#endif
+
+ case LDAP_INVALID_SYNTAX: ec = GPG_ERR_LDAP_INV_SYNTAX; break;
+ case LDAP_NO_SUCH_OBJECT: ec = GPG_ERR_LDAP_NO_SUCH_OBJ; break;
+ case LDAP_ALIAS_PROBLEM: ec = GPG_ERR_LDAP_ALIAS_PROBLEM; break;
+ case LDAP_INVALID_DN_SYNTAX: ec = GPG_ERR_LDAP_INV_DN_SYNTAX; break;
+ case LDAP_IS_LEAF: ec = GPG_ERR_LDAP_IS_LEAF; break;
+ case LDAP_ALIAS_DEREF_PROBLEM: ec = GPG_ERR_LDAP_ALIAS_DEREF; break;
+
+#ifdef LDAP_X_PROXY_AUTHZ_FAILURE
+ case LDAP_X_PROXY_AUTHZ_FAILURE: ec = GPG_ERR_LDAP_X_PROXY_AUTH_FAIL; break;
+#endif
+
+ case LDAP_INAPPROPRIATE_AUTH: ec = GPG_ERR_LDAP_BAD_AUTH; break;
+ case LDAP_INVALID_CREDENTIALS: ec = GPG_ERR_LDAP_INV_CREDENTIALS; break;
+
+#ifdef LDAP_INSUFFICIENT_ACCESS
+ case LDAP_INSUFFICIENT_ACCESS: ec = GPG_ERR_LDAP_INSUFFICIENT_ACC; break;
+#endif
+
+ case LDAP_BUSY: ec = GPG_ERR_LDAP_BUSY; break;
+ case LDAP_UNAVAILABLE: ec = GPG_ERR_LDAP_UNAVAILABLE; break;
+ case LDAP_UNWILLING_TO_PERFORM: ec = GPG_ERR_LDAP_UNWILL_TO_PERFORM; break;
+ case LDAP_LOOP_DETECT: ec = GPG_ERR_LDAP_LOOP_DETECT; break;
+ case LDAP_NAMING_VIOLATION: ec = GPG_ERR_LDAP_NAMING_VIOLATION; break;
+ case LDAP_OBJECT_CLASS_VIOLATION: ec = GPG_ERR_LDAP_OBJ_CLS_VIOLATION; break;
+ case LDAP_NOT_ALLOWED_ON_NONLEAF: ec=GPG_ERR_LDAP_NOT_ALLOW_NONLEAF;break;
+ case LDAP_NOT_ALLOWED_ON_RDN: ec = GPG_ERR_LDAP_NOT_ALLOW_ON_RDN; break;
+ case LDAP_ALREADY_EXISTS: ec = GPG_ERR_LDAP_ALREADY_EXISTS; break;
+ case LDAP_NO_OBJECT_CLASS_MODS: ec = GPG_ERR_LDAP_NO_OBJ_CLASS_MODS; break;
+ case LDAP_RESULTS_TOO_LARGE: ec = GPG_ERR_LDAP_RESULTS_TOO_LARGE; break;
+ case LDAP_AFFECTS_MULTIPLE_DSAS: ec = GPG_ERR_LDAP_AFFECTS_MULT_DSAS; break;
+
+#ifdef LDAP_VLV_ERROR
+ case LDAP_VLV_ERROR: ec = GPG_ERR_LDAP_VLV; break;
+#endif
+
+ case LDAP_OTHER: ec = GPG_ERR_LDAP_OTHER; break;
+
+#ifdef LDAP_CUP_RESOURCES_EXHAUSTED
+ case LDAP_CUP_RESOURCES_EXHAUSTED: ec=GPG_ERR_LDAP_CUP_RESOURCE_LIMIT;break;
+ case LDAP_CUP_SECURITY_VIOLATION: ec=GPG_ERR_LDAP_CUP_SEC_VIOLATION; break;
+ case LDAP_CUP_INVALID_DATA: ec = GPG_ERR_LDAP_CUP_INV_DATA; break;
+ case LDAP_CUP_UNSUPPORTED_SCHEME: ec = GPG_ERR_LDAP_CUP_UNSUP_SCHEME; break;
+ case LDAP_CUP_RELOAD_REQUIRED: ec = GPG_ERR_LDAP_CUP_RELOAD; break;
+#endif
+
+#ifdef LDAP_CANCELLED
+ case LDAP_CANCELLED: ec = GPG_ERR_LDAP_CANCELLED; break;
+#endif
+
+#ifdef LDAP_NO_SUCH_OPERATION
+ case LDAP_NO_SUCH_OPERATION: ec = GPG_ERR_LDAP_NO_SUCH_OPERATION; break;
+#endif
+
+#ifdef LDAP_TOO_LATE
+ case LDAP_TOO_LATE: ec = GPG_ERR_LDAP_TOO_LATE; break;
+#endif
+
+#ifdef LDAP_CANNOT_CANCEL
+ case LDAP_CANNOT_CANCEL: ec = GPG_ERR_LDAP_CANNOT_CANCEL; break;
+#endif
+
+#ifdef LDAP_ASSERTION_FAILED
+ case LDAP_ASSERTION_FAILED: ec = GPG_ERR_LDAP_ASSERTION_FAILED; break;
+#endif
+
+#ifdef LDAP_PROXIED_AUTHORIZATION_DENIED
+ case LDAP_PROXIED_AUTHORIZATION_DENIED:
+ ec = GPG_ERR_LDAP_PROX_AUTH_DENIED; break;
+#endif
+
+ default:
+#if defined(LDAP_E_ERROR) && defined(LDAP_X_ERROR)
+ if (LDAP_E_ERROR (code))
+ ec = GPG_ERR_LDAP_E_GENERAL;
+ else if (LDAP_X_ERROR (code))
+ ec = GPG_ERR_LDAP_X_GENERAL;
+ else
+#endif
+ ec = GPG_ERR_LDAP_GENERAL;
+ break;
+ }
+
+ return ec;
+}
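Review bot: `case LDAP_SUCCESS: ec = GPG_ERR_LDAP_SUCCESS; break;` returns a non-zero gpg_err_code_t for a successful LDAP call (768 in src/err-codes.h.in), so a caller that writes `err = map_ldap_to_gpg_error (rc); if (err) ...` treats success as a failure; LDAP_COMPARE_TRUE and LDAP_COMPARE_FALSE are reported as errors in the same way. This fails closed, but the one-line comment above the function gives no hint of it, and this file is meant to be copied into other projects. I would extend that comment to `/* Map LDAP error CODE to a gpg_err_code_t. LDAP_SUCCESS maps to the non-zero GPG_ERR_LDAP_SUCCESS, not to 0; test for LDAP_SUCCESS before calling. */`. Separately, the default branch only distinguishes the E and X ranges, so the ATTR/NAME/SECURITY/SERVICE/UPDATE general codes described in doc/errorref.txt are never returned by this helper; a short comment in the default branch saying whether that is intentional would help.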
diff --git a/src/err-codes.h.in b/src/err-codes.h.in
index 9e1924d..6a2fe6c 100644
--- a/src/err-codes.h.in
+++ b/src/err-codes.h.in
@@ -314,9 +314,110 @@
# 282 to 299 are reserved for future assuan codes.
-# 300 to 1023 are free to be used.
+# 300 to 720 are free to be used.
-# For free use by non-GnuPG components.
+#
+# Mapping of LDAP error codes
+#
+# The numbers reflect the OpenLDAP code with an offset of 768.
+# Some error names are shortened
+#
+721 GPG_ERR_LDAP_GENERAL LDAP General error
+722 GPG_ERR_LDAP_ATTR_GENERAL LDAP General attribute error
+723 GPG_ERR_LDAP_NAME_GENERAL LDAP General name error
+724 GPG_ERR_LDAP_SECURITY_GENERAL LDAP General security error
+725 GPG_ERR_LDAP_SERVICE_GENERAL LDAP General service error
+726 GPG_ERR_LDAP_UPDATE_GENERAL LDAP General update error
+727 GPG_ERR_LDAP_E_GENERAL LDAP Experimental error code
+728 GPG_ERR_LDAP_X_GENERAL LDAP Private error code
+729 GPG_ERR_LDAP_OTHER_GENERAL LDAP Other general error
+# 730 to 749 not used
+750 GPG_ERR_LDAP_X_CONNECTING Connecting failed (X)
+751 GPG_ERR_LDAP_REFERRAL_LIMIT Referral limit exceeded
+752 GPG_ERR_LDAP_CLIENT_LOOP Client loop
+# 753 is an obsolete error code
+754 GPG_ERR_LDAP_NO_RESULTS No results returned
+755 GPG_ERR_LDAP_CONTROL_NOT_FOUND Control not found
+756 GPG_ERR_LDAP_NOT_SUPPORTED Not supported
+757 GPG_ERR_LDAP_CONNECT Connect error
+758 GPG_ERR_LDAP_NO_MEMORY Out of memory
+759 GPG_ERR_LDAP_PARAM Bad parameter to an LDAP routine
+760 GPG_ERR_LDAP_USER_CANCELLED User cancelled operation
+761 GPG_ERR_LDAP_FILTER Bad search filter
+762 GPG_ERR_LDAP_AUTH_UNKNOWN Unknown authentication method
+763 GPG_ERR_LDAP_TIMEOUT Timeout
+764 GPG_ERR_LDAP_DECODING Decoding error
+765 GPG_ERR_LDAP_ENCODING Encoding error
+766 GPG_ERR_LDAP_LOCAL LDAP Local error
+767 GPG_ERR_LDAP_SERVER_DOWN Cannot contact LDAP server
+768 GPG_ERR_LDAP_SUCCESS Success
+769 GPG_ERR_LDAP_OPERATIONS Operations error
+770 GPG_ERR_LDAP_PROTOCOL Protocol error
+771 GPG_ERR_LDAP_TIMELIMIT Time limit exceeded
+772 GPG_ERR_LDAP_SIZELIMIT Size limit exceeded
+773 GPG_ERR_LDAP_COMPARE_FALSE Compare false
+774 GPG_ERR_LDAP_COMPARE_TRUE Compare true
+775 GPG_ERR_LDAP_UNSUPPORTED_AUTH Authentication method not supported
+776 GPG_ERR_LDAP_STRONG_AUTH_RQRD Strong(er) authentication required
+777 GPG_ERR_LDAP_PARTIAL_RESULTS Partial results and referral received
+778 GPG_ERR_LDAP_REFERRAL Referral
+779 GPG_ERR_LDAP_ADMINLIMIT Administrative limit exceeded
+780 GPG_ERR_LDAP_UNAVAIL_CRIT_EXTN Critical extension is unavailable
+781 GPG_ERR_LDAP_CONFIDENT_RQRD Confidentiality required
+782 GPG_ERR_LDAP_SASL_BIND_INPROG SASL bind in progress
+# 783 not used
+784 GPG_ERR_LDAP_NO_SUCH_ATTRIBUTE No such attribute
+785 GPG_ERR_LDAP_UNDEFINED_TYPE Undefined attribute type
+786 GPG_ERR_LDAP_BAD_MATCHING Inappropriate matching
+787 GPG_ERR_LDAP_CONST_VIOLATION Constraint violation
+788 GPG_ERR_LDAP_TYPE_VALUE_EXISTS Type or value exists
+789 GPG_ERR_LDAP_INV_SYNTAX Invalid syntax
+# 790 to 799 not used
+800 GPG_ERR_LDAP_NO_SUCH_OBJ No such object
+801 GPG_ERR_LDAP_ALIAS_PROBLEM Alias problem
+802 GPG_ERR_LDAP_INV_DN_SYNTAX Invalid DN syntax
+803 GPG_ERR_LDAP_IS_LEAF Entry is a leaf
+804 GPG_ERR_LDAP_ALIAS_DEREF Alias dereferencing problem
+# 805 to 814 not used
+815 GPG_ERR_LDAP_X_PROXY_AUTH_FAIL Proxy authorization failure (X)
+816 GPG_ERR_LDAP_BAD_AUTH Inappropriate authentication
+817 GPG_ERR_LDAP_INV_CREDENTIALS Invalid credentials
+818 GPG_ERR_LDAP_INSUFFICIENT_ACC Insufficient access
+819 GPG_ERR_LDAP_BUSY Server is busy
+820 GPG_ERR_LDAP_UNAVAILABLE Server is unavailable
+821 GPG_ERR_LDAP_UNWILL_TO_PERFORM Server is unwilling to perform
+822 GPG_ERR_LDAP_LOOP_DETECT Loop detected
+# 823 to 831 not used
+832 GPG_ERR_LDAP_NAMING_VIOLATION Naming violation
+833 GPG_ERR_LDAP_OBJ_CLS_VIOLATION Object class violation
+834 GPG_ERR_LDAP_NOT_ALLOW_NONLEAF Operation not allowed on non-leaf
+835 GPG_ERR_LDAP_NOT_ALLOW_ON_RDN Operation not allowed on RDN
+836 GPG_ERR_LDAP_ALREADY_EXISTS Already exists
+837 GPG_ERR_LDAP_NO_OBJ_CLASS_MODS Cannot modify object class
+838 GPG_ERR_LDAP_RESULTS_TOO_LARGE Results too large
+839 GPG_ERR_LDAP_AFFECTS_MULT_DSAS Operation affects multiple DSAs
+# 840 to 843 not used
+844 GPG_ERR_LDAP_VLV Virtual list view error
+# 845 to 847 not used
+848 GPG_ERR_LDAP_OTHER Other LDAP error
+# 849 to 880 not used
+881 GPG_ERR_LDAP_CUP_RESOURCE_LIMIT LCUP Resources exhausted
+882 GPG_ERR_LDAP_CUP_SEC_VIOLATION LCUP Security violation
+883 GPG_ERR_LDAP_CUP_INV_DATA LCUP Invalid data
+884 GPG_ERR_LDAP_CUP_UNSUP_SCHEME LCUP Unsupported scheme
+885 GPG_ERR_LDAP_CUP_RELOAD LCUP Reload required
+886 GPG_ERR_LDAP_CANCELLED LDAP Cancelled
+887 GPG_ERR_LDAP_NO_SUCH_OPERATION No operation to cancel
+888 GPG_ERR_LDAP_TOO_LATE Too late to cancel
+889 GPG_ERR_LDAP_CANNOT_CANCEL Cannot cancel
+890 GPG_ERR_LDAP_ASSERTION_FAILED Assertion failed
+891 GPG_ERR_LDAP_PROX_AUTH_DENIED Proxied authorization denied
+
+# 892 to 950 are reserved for future LDAP codes.
+
+# 951 to 1023 are free to be used.
+
+# For free use by non-GnuPG components:
1024 GPG_ERR_USER_1 User defined error code 1
1025 GPG_ERR_USER_2 User defined error code 2
1026 GPG_ERR_USER_3 User defined error code 3
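Review bot: The header comment `The numbers reflect the OpenLDAP code with an offset of 768` holds for entries 750 to 891 but not for the range codes 721 to 729, which have no LDAP counterpart. The experimental and private ranges quoted in doc/errorref.txt (0x1000 and above) also cannot be expressed as 768 + n inside this block. A reader could take the comment as permission to convert by arithmetic instead of using the switch in doc/ldap2gpgerr.c, which for those inputs would presumably yield unassigned or unrelated codes. I would reword it along the lines of `# 750 to 891 are the OpenLDAP result code plus 768; 721 to 729 are range codes with no single LDAP counterpart. Convert with a lookup, not arithmetic.`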