LDAP_RESOURCE_QUERY = (&(|(mail=${quote_ldap:${local_part}@${domain}})\
                          (alias=${quote_ldap:${local_part}@${domain}}))\
                        (&(!(objectclass=inetOrgPerson))(objectclass=mailRecipient)))

ldap_resource:
  debug_print = "R: ldap_resource for $local_part@$domain"
  driver = accept
  condition = ${if eq {}{${lookup ldap{ \
    user="$LDAP_SERVICE_BIND_DN" \
    pass=$LDAP_SERVICE_PASSWORD \
    $LDAP_SCHEME://$LDAP_HOST:$LDAP_PORT/$LDAP_BASE_DN?mail?sub?LDAP_RESOURCE_QUERY} \
    }}{no}{yes}}
  transport = resources_transport
  cannot_route_message = Unknown user
