Hi,

is there an easy way to tell qmail-ldap NOT to use the standard 'mail' attribute when searching?

Our ldap directory has to work as a public phone (or address) book, and in this case, the mail attribute is an informal one, i.e. it means "This is the address I'd like to be contacted at". That address may be at some other provider, and must be able to be changed by the user, and therefore it doesn't necessarily contain the truth.

As far as I know, qmail uses the mailAlternateAddress and mail attributes to search for the ldap entry, which contains the needed information to proceed. It bounces the message when it gets more than one result. If this is true, a malicious user (think of a student :) can acquire any number of addresses, or can prevent an ordinary user from receiving his/her mail.

My idea is to keep the standard mail attribute (which can be found in standard object classes, like inetOrgPerson) as an informal one (writeable by the user himself/herself), and another attribute, for simplicity mailAlternateAddress, as a formal one, which is used by qmail (and not by the search engine), and which can only be modified by the administrator.

The easiest would be to change the LDAP_MAIL constant in qmail-ldap.h to 'mailAlternateAddress', but I'm not sure whether it breaks something. Of course, the schema has to be corrected in this case, while mail is no longer a required attribute.

Any comments on this?

Kristof
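An added example, not part of the original post and not qmail-ldap code: an audit over an LDIF export that lists every address claimed by more than one entry across mail and mailAlternateAddress, which is the condition the post says ends in a bounce. The sample entries, DNs and domains are constructed, and the parser assumes plain LDIF without folded or base64 lines.

```python
from collections import defaultdict

# Constructed sample export (not real directory data). bob has set his
# user-writable 'mail' attribute to alice's address.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
mail: alice@example.org
mailAlternateAddress: a.smith@example.org

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob
mail: alice@example.org
mailAlternateAddress: bob@example.org

dn: uid=carol,ou=people,dc=example,dc=org
uid: carol
mail: carol@elsewhere.example
mailAlternateAddress: carol@example.org
"""

# Attributes the post says are used for the lookup (compared case-insensitively).
ADDRESS_ATTRS = ("mail", "mailalternateaddress")

def parse_ldif(text):
    """Yield (dn, [(attr, value), ...]) for each blank-line separated entry."""
    for block in text.strip().split("\n\n"):
        dn, attrs = None, []
        for line in block.splitlines():
            name, sep, value = line.partition(": ")
            if not sep:
                continue  # comments and anything this simple parser does not handle
            if name.lower() == "dn":
                dn = value.strip()
            else:
                attrs.append((name.lower(), value.strip()))
        if dn:
            yield dn, attrs

def find_collisions(text):
    """Return {address: [(dn, attr), ...]} for addresses claimed by several entries."""
    claims = defaultdict(set)
    for dn, attrs in parse_ldif(text):
        for name, value in attrs:
            if name in ADDRESS_ATTRS:
                claims[value.lower()].add((dn, name))
    return {addr: sorted(c) for addr, c in claims.items()
            if len({dn for dn, _ in c}) > 1}

if __name__ == "__main__":
    for addr, who in find_collisions(SAMPLE_LDIF).items():
        print(addr, "->", who)
```

A claim that arrives through `mail` in the output is the one a user could have written themselves under the access model described in the post.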
