On 25 Jan 2005, [EMAIL PROTECTED] wrote:

> On Tue, Jan 25, 2005 at 10:50:46AM -0500, Ted Zlatanov wrote:
>
>> Great. Should your patch also guard against this possibility, though?
>> That was my original concern. Someone malicious could set their
>> mailAlternateAddress and break someone else's login in your system.
>
> You could possibly guard against this (I haven't tried it myself) by
> setting read only access to "mail" and "mailAlternateAddress" to user
> "self" in the slapd.conf file:
> http://www.openldap.org/doc/admin22/slapdconfig.html#Access%20Control
> I haven't tried it though.
>
> And then force users to go through a webpage to add aliases to their
> account. That might seem like a pain, but I wouldn't want users adding
> aliases of other known users and reading their email.

We already do this. Users update Ganymede, which enforces this, and then
Ganymede triggers an LDAP update for the specific user.

> I'm not sure if there is a way to put into the qmail-ldap LDAP schema
> that mail and mailAlternateAddress should be unique across all users --
> there might be a way with "mail" as openldap doesn't allow you to create
> two users with the same DN. But I doubt there is a way with the multi
> field mailAlternateAddress.

I think it's fine as it is, the docs (as Claudio mentioned) just need to
mention it. It's a slight security risk but generally won't be exploitable
by default (or by outsiders, which is the bigger concern).

> You mean you've never accidentally copied an email address to someone
> else's account without deleting it from the original? Not that I've
> ever done that myself ...

I did it for this test, while trying to break things, but I'm generally not
editing LDAP directly and our tools (Ganymede, as I mentioned) enforce
uniqueness.

Thanks for the great suggestions.

Ted
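The thread above relies on an external tool (Ganymede) to keep `mail` and `mailAlternateAddress` unique across accounts, and notes that the qmail-ldap schema itself cannot express that constraint (later OpenLDAP releases ship the `unique` overlay, slapo-unique, which can enforce attribute uniqueness server-side). When the directory is edited by other paths, an offline audit of an LDIF export is the check a defender would want. The script below is an added example, not code from the thread or from qmail-ldap: it parses a minimal LDIF dump (the sample entries and the `dc=example,dc=com` suffix are constructed here), normalises addresses case-insensitively the way the `mail` attribute's matching rule does, and reports any address claimed by more than one DN, i.e. exactly the collision that would break another user's login or divert their mail.

```python
"""Audit an LDIF export for e-mail addresses shared between accounts.

Added example (not from the original thread). Assumes a plain LDIF dump
such as `slapcat` produces, with one `dn:` per entry and `mail` /
`mailAlternateAddress` attributes as used by the qmail-ldap schema.
"""
import base64
from collections import defaultdict

# Constructed sample LDIF: 'bob' has copied alice's primary address into his
# mailAlternateAddress (in a different letter case), the situation discussed
# in the thread. 'carol' is clean.
SAMPLE_LDIF = """\
version: 1
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
mail: alice@example.com
mailAlternateAddress: a.smith@example.com

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
mail: bob@example.com
mailAlternateAddress: bob.jones@example.com
mailAlternateAddress: Alice@Example.com

dn: uid=carol,ou=people,dc=example,dc=com
uid: carol
mail: carol@example.com
"""

# Attribute names are compared lower-cased; LDAP attribute types are
# case-insensitive.
ADDRESS_ATTRS = ("mail", "mailalternateaddress")


def parse_ldif(text):
    """Parse a minimal LDIF document into a list of (dn, {attr: [values]}).

    Handles blank-line entry separators, '#' comments, leading-space line
    folding and '::' base64 values. Returns attribute names lower-cased.
    """
    entries = []
    current = None
    last_attr = None
    for raw in text.splitlines():
        if raw.strip() == "":
            if current is not None:
                entries.append(current)
                current = None
            last_attr = None
            continue
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and current is not None and last_attr:
            # Line folding: a leading space continues the previous value.
            current[1][last_attr][-1] += raw[1:]
            continue
        attr, _, value = raw.partition(":")
        attr = attr.strip().lower()
        value = value.strip()
        if value.startswith(":"):
            # 'attr:: <base64>' form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        if attr == "dn":
            current = (value, defaultdict(list))
            last_attr = None
            continue
        if current is None:
            if attr == "version":
                continue
            raise ValueError("attribute line before any dn: %r" % raw)
        current[1][attr].append(value)
        last_attr = attr
    if current is not None:
        entries.append(current)
    return entries


def find_address_collisions(entries):
    """Return {address: [dn, ...]} for every address claimed by more than
    one entry through mail or mailAlternateAddress.

    Addresses are lower-cased before comparison: the 'mail' attribute uses a
    case-ignoring match, so Alice@Example.com and alice@example.com route to
    the same mailbox. The same address listed twice within one entry (e.g. in
    both mail and mailAlternateAddress) is not a collision.
    """
    owners = defaultdict(set)
    for dn, attrs in entries:
        for attr in ADDRESS_ATTRS:
            for value in attrs.get(attr, []):
                owners[value.strip().lower()].add(dn)
    return {addr: sorted(dns) for addr, dns in sorted(owners.items())
            if len(dns) > 1}


if __name__ == "__main__":
    collisions = find_address_collisions(parse_ldif(SAMPLE_LDIF))
    if not collisions:
        print("no shared addresses found")
    for addr, dns in collisions.items():
        print("%s is claimed by %d entries:" % (addr, len(dns)))
        for dn in dns:
            print("    " + dn)
```

Run it against a real export with `slapcat -l dump.ldif` and `parse_ldif(open("dump.ldif").read())`; every address it reports is one that either an ACL (read-only `mail`/`mailAlternateAddress` for `self`, as suggested in the thread) or the provisioning tool should have prevented.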
