Openldap schema checking may not prevent creation of duplicate addresses as mailalternateaddress, but it should not be done. It is an error in the ldap tree. Perhaps the lookup utility should break with a proper warning instead of going with unpredictable result of returning just one of the two entries. (Mine returns both entries.)
Anyway... Both qmail-send and qmail-verify recognize that more than one result for a mail address lookup is an error and they will not deliver to either recipient. I added duplicate [EMAIL PROTECTED] mailalternate addresses and here is what I got. ____SMTP____ [EMAIL PROTECTED] root 1]# telnet 127.0.0.1 25 Trying 127.0.0.1... Connected to rhes3-build-1 (127.0.0.1). Escape character is '^]'. helo tehre220 build-1.asdf.com. ESMTP 250 build-1.asdf.com. mail from: [EMAIL PROTECTED] 250 ok rcpt to: [EMAIL PROTECTED] 451 temporary ldap lookup failure, try again later Just to be thourough, I injected the message manually: __QMAIL_SEND_LOG___ starting delivery 3: msg 327823 to local [EMAIL PROTECTED] delivery 3: failure: Too_many_results_returned_but_needs_to_be_unique._(#5.3.5)/ __THE_BOUNCE__ Return-Path: <> Delivered-To: [EMAIL PROTECTED] Received: (qmail 22796 invoked for bounce); 25 Jan 2005 01:15:07 -0000 Date: 25 Jan 2005 01:15:07 -0000 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: failure notice Hi. This is the qmail-send program at build-1.binc.net.. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <[EMAIL PROTECTED]>: Too many results returned but needs to be unique. (#5.3.5) --- Below this line is a copy of the message. ...cut... On Monday 24 January 2005 10:12 am, Ted Zlatanov wrote: > On 20 Jan 2005, [EMAIL PROTECTED] wrote: > > On Thu, Jan 20, 2005 at 04:53:03PM -0500, Ted Zlatanov wrote: > > > >> While this appears useful at first glance, what if several users have > >> the same e-mail address? Which password will you check? > > > > Can you have more than one user with the same email address in > > qmail-ldap? Try having two with the same one (ie [EMAIL PROTECTED]) and > > look > > it up: > > qmail-ldaplookup -m [EMAIL PROTECTED] > > I was able to create two users with the same e-mail address under > mailAlternateAddress, but qmail-ldaplookup only reported the first > one. I'm not sure why. > > This was the setup: > > user A had mailAlternateAddress [EMAIL PROTECTED] > user B had mailAlternateAddress [EMAIL PROTECTED] > > "qmail-ldaplookup -m [EMAIL PROTECTED]" only reported user A. > > Maybe I'm doing something wrong, but this looks strange. I'm no LDAP > expert. > > Anyhow, I still think your patch is a good idea (but it should be > configurable, not always on). I'm just concerned about duplicate > addresses. > > Ted
