LDAP_PERSON_QUERY = (&(|(mail=${quote_ldap:${local_part}@${domain}})\
                        (alias=${quote_ldap:${local_part}@${domain}}))\
                      (objectclass=inetorgperson))

ldap_person:
  debug_print = "R: ldap_person for $local_part@$domain"
  driver = accept
  condition = ${if eq {}{${lookup ldap{ \
    user="$LDAP_SERVICE_BIND_DN" \
    pass=$LDAP_SERVICE_PASSWORD \
    $LDAP_SCHEME://$LDAP_HOST:$LDAP_PORT/$LDAP_BASE_DN?mail?sub?LDAP_PERSON_QUERY} \
    }}{no}{yes}}
  transport = people_transport
  cannot_route_message = Unknown user
