|
|
|
|
When validating an email address, an LDAP verifier finds potential records using the <Filter> element. No matter which clause within the filter matched, each record returned is treated equally. Each record is matched against the canonical forms in order. The first canonical form that matches is returned. Therefore, unless the address to be validated happens to match the canonical form that the verifier returns, it is automatically an alias.
In contrast, the enumeration filter, defined in the <EnumFilter> element, produces every record that might contain email addresses. Any record could contain many email addresses, which leaves open the question "which one is the true canonical form and which are the aliases?" The <EnumFrom> and <EnumTo> elements contain this information.
If you do not specify <EnumFrom> and/or <EnumTo>, then their values are the same as the set of <Canonical> elements.
Whenever a record is returned from the <EnumFilter> search, two sets of <Canonical> forms are matched against the record: the <EnumFrom> and the <EnumTo> elements. The <EnumTo> matches in a manner similar to the <Canonical> element. The first set of attributes that can be bound to all the placeholders in the <EnumTo> element selects the email address for that record. The <StripPfx> element rules are also applied to this mapping. Each <EnumTo> element is tried in series until one of them can fill in all the blanks.
The <EnumTo> element differs from the <Canonical> element when it contains the %{rciVRFYdomain} placeholder. For verification, that placeholder is populated with the domain of the email address you are verifying. However, when enumerating, that placeholder is replaced with every domain that the verifier services.