LDAP_RESOURCE_QUERY = (&(|(mail=${quote_ldap:${local_part}@${domain}})\
                          (alias=${quote_ldap:${local_part}@${domain}}))\
                        (&(!(objectclass=inetOrgPerson))(objectclass=mailRecipient)))

ldap_resource:
  debug_print = "R: ldap_resource for $local_part@$domain"
  driver = accept
  condition = ${if eq {}{${lookup ldap{ \
    user="LDAP_SERVICE_BIND_DN" \
    pass=LDAP_SERVICE_PASSWORD \
    ldap://LDAP_HOST:LDAP_PORT/LDAP_BASE_DN?mail?sub?LDAP_RESOURCE_QUERY} \
    }}{no}{yes}}
  transport = resources_transport
  cannot_route_message = Unknown user
