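# LDAP directory backend for the mail server. This file is a template: the
# double-brace placeholders are filled in at render time, so the rendered
# output holds the bind password in clear text. Keep the rendered file
# readable only by the account the mail server runs as.
[directory."ldap"]
type = "ldap"
# Plain ldap:// with TLS disabled below: the service bind password and every
# user password checked through bind authentication cross this connection
# unencrypted. That is acceptable only while the hop to the directory stays
# on an isolated network (the short host name suggests a container-internal
# link, TODO confirm); otherwise use ldaps:// or enable TLS.
address = "ldap://lldap:3890"
base-dn = "{{ ldap_base_dn }}"
timeout = "30s"
tls.enable = false

# Service account used for directory searches. Prefer a dedicated read-only
# account over a directory administrator. Both values are substituted into
# TOML basic strings, so a double quote or backslash in either one must be
# escaped before rendering or the file will not parse as intended.
[directory."ldap".bind]
dn = "{{ mailserver_secrets['ldap_user'] }}"
secret = "{{ mailserver_secrets['ldap_password'] }}"

# Authenticate users by binding to the directory as the user rather than by
# comparing a stored hash; "?" is presumably replaced with the login name.
# NOTE(review): confirm the server escapes DN special characters in the
# substituted value before it builds this DN.
[directory."ldap".bind.auth]
enable = true
dn = "uid=?,ou=people,{{ ldap_base_dn }}"

# Search filters; "?" marks where the lookup value is substituted. Every
# filter only matches entries whose objectClass is person or posixGroup.
[directory."ldap".filter]
name = "(&(|(objectClass=person)(objectClass=posixGroup))(uid=?))"
# The trailing mail=*@domain clause requires the entry's primary mail to be
# in the templated domain even when the match came from mailAlias or mailList.
email = "(&(|(objectClass=person)(objectClass=posixGroup))(|(mail=?)(mailAlias=?)(mailList=?))(mail=*@{{ domain }}))"
# Substring match (*?*): a partial address matches every entry containing it.
# NOTE(review): if this filter backs SMTP VRFY, keep VRFY limited to
# authenticated or trusted clients so it cannot be used to enumerate addresses.
verify = "(&(|(objectClass=person)(objectClass=posixGroup))(|(mail=*?*)(mailAlias=*?*)))"
expand = "(&(|(objectClass=person)(objectClass=posixGroup))(mailList=?))"
domains = "(&(|(objectClass=person)(objectClass=posixGroup))(|(mail=*@?)(mailAlias=*@?)))"

# Attribute mapping. No password attribute is mapped here, which is consistent
# with bind authentication: password hashes are not read from the directory.
[directory."ldap".attributes]
name = "uid"
type = "objectClass"
description = ["distinguishedName"]
email = "mail"
email-alias = "mailAlias"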