Re: ldap_bind: DSA is unavailable - newby help please ;) Got a bit further...

[Chris Ridd <C.Ridd@isode.com>]

On Thu, 05 Nov 1998 03:14:34 GMT, Blake Binkley wrote:
> the DN for that entry is unqualified...
> the ldif file exported by netscape does not work as an import system,
> here's what an ldif should look
> like for you to have a proper e-mail address for netscape to look up
> 
> ---- cut here ----
> dn: o=Syrex Intranets, c=za
> o: Syrex Intranets
> objectclass: organization
> 
> dn: cn=David Herselman, o=Syrex Intranets, c=US
> cn: David Herselman
> sn: David Herselman
> mail: davidh@syrex.co.za
> title: Mr.
> o: Syrex Intranets
> objectclass: person
> 
> ---- cut here ---
> the blank lines must be there for it to know it is done with one record
> and that you are proceeding to the next record.

That shouldn't work either, and David's entry's DN should probably end 
c=ZA instead of c=US. Also the object classes used in his entry do not 
permit mail or title or o so a server that does schema checking should 
refuse to add it.

Try the following instead:
---- cut here ----
dn: o=Syrex Intranets, c=za
o: Syrex Intranets
objectclass: organization

dn: cn=David Herselman, o=Syrex Intranets, c=ZA
cn: David Herselman
sn: Herselman
mail: davidh@syrex.co.za
title: Mr.
objectclass: top
objectclass: person
objectclass: organizationalperson
objectclass: inetorgperson

---- cut here ---

Organizationalperson permits the title attribute.

Inetorgperson permits the mail attribute.

I couldn't offhand see an objectclass that had an o attribute (apart 
from organization of course) so I removed that attribute from the 
entry. It's part of the DN so it doesn't seem too useful to have it in 
the entry as well.

Cheers,

Chris