On 24 Jan 2005, [EMAIL PROTECTED] wrote: > Openldap schema checking may not prevent creation of duplicate addresses as > mailalternateaddress, but it should not be done. It is an error in the ldap > tree. Perhaps the lookup utility should break with a proper warning instead > of going with unpredictable result of returning just one of the two entries. > (Mine returns both entries.)
Agreed. Claudio, do you also think this is a bug in the lookup? > Anyway... Both qmail-send and qmail-verify recognize that more than one > result for a mail address lookup is an error and they will not deliver to > either recipient. I added duplicate [EMAIL PROTECTED] mailalternate > addresses and here is what I got. Great. Should your patch also guard against this possibility, though? That was my original concern. Someone malicious could set their mailAlternateAddress and break someone else's login in your system. In the current qmail-ldap, this apparently also disables mail delivery. Perhaps the docs should have a note about this, so users are not given access to editing of mailAlternateAddress. I was not aware of this until now - maybe others are not, either. Ted
