LDAP_PERSON_QUERY = (&(|(mail=${quote_ldap:${local_part}@${domain}})\
                        (alias=${quote_ldap:${local_part}@${domain}}))\
                      (objectclass=inetorgperson))

ldap_person:
  debug_print = "R: ldap_person for $local_part@$domain"
  driver = accept
  condition = ${if eq {}{${lookup ldap{ \
    user="LDAP_SERVICE_BIND_DN" \
    pass=LDAP_SERVICE_PASSWORD \
    ldap://LDAP_HOST:LDAP_PORT/LDAP_BASE_DN?mail?sub?LDAP_PERSON_QUERY} \
    }}{no}{yes}}
  transport = people_transport
  cannot_route_message = Unknown user
