I am using LDAP in Debian 11 to authenticate users for Postfix against MS Active Directory with domain mandala.com. The request uses the user's email edmond@example.com to search with this script:
<code>
server_host = 192.168.2.3
search_base = dc=example,dc=com
version = 3
bind = yes
start_tls = no
bind_dn = vmail
bind_pw = mypass
scope = sub
query_filter = (&(objectclass=person)(userPrincipalName=%s))
result_attribute = userPrincipalName
result_format = %d/%u/Maildir/
debuglevel = 1
</code>
The problem is that Postfix uses the user's email edmond@example.com while on the AD the user is edmond@mandala.com, hence the recipient cannot be found.
If I run an ldapsearch on the command line using dc=mandala,dc=com, the user is found.
I solved it by passing the mail attribute:
<code>
query_filter = (&(objectclass=person)(mail=%s))
result_attribute = mail
</code>
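The mismatch described above can be reproduced offline. The following is an added example, not part of the original post and not Postfix code: a simplified Python model of the `%s`/`%u`/`%d` expansion documented in ldap_table(5), run against one constructed directory entry. The function names and the entry are assumptions made for illustration.

```python
import re

# Constructed AD entry: the UPN lives in the AD domain, while mail holds
# the address Postfix actually passes as the lookup key.
ENTRIES = [{"objectclass": "person",
            "userPrincipalName": "edmond@mandala.com",
            "mail": "edmond@example.com"}]

def escape_filter(value):
    """Escape LDAP filter metacharacters (RFC 4515) before substitution."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def expand(template, value, escape=False):
    """Expand %s (whole value), %u (local part) and %d (domain part)."""
    user, domain = value.rsplit("@", 1) if "@" in value else (value, "")
    parts = {"s": value, "u": user, "d": domain}
    if escape:
        parts = {k: escape_filter(v) for k, v in parts.items()}
    return re.sub(r"%([sud])", lambda m: parts[m.group(1)], template)

def lookup(key, query_filter, result_attribute, result_format):
    """Return (expanded filter, formatted results) for one lookup key."""
    flt = expand(query_filter, key, escape=True)
    # Simplified matcher: only (attr=value) equality terms, all ANDed.
    terms = re.findall(r"\((\w+)=([^()]*)\)", flt)
    hits = [e for e in ENTRIES
            if all(e.get(a, "").lower() == v.lower() for a, v in terms)]
    return flt, [expand(result_format, e[result_attribute]) for e in hits]

if __name__ == "__main__":
    key = "edmond@example.com"
    fmt = "%d/%u/Maildir/"
    # Original filter: the UPN is edmond@mandala.com, so nothing matches.
    print(lookup(key, "(&(objectclass=person)(userPrincipalName=%s))",
                 "userPrincipalName", fmt))
    # Working filter: mail equals the key, and %d/%u now come from mail.
    print(lookup(key, "(&(objectclass=person)(mail=%s))", "mail", fmt))
    # A key of "*" is escaped to \2a, so it cannot act as a wildcard.
    print(lookup("*", "(&(objectclass=person)(mail=%s))", "mail", fmt))
```

Because `%d` and `%u` in `result_format` are taken from the returned attribute value, switching `result_attribute` to `mail` also changes the resulting mailbox path from the AD domain to the mail domain.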