In my Postfix config, I have smtpd_sender_login_maps pointing to a file ldap-senders.cf that contains the following:
root@mail:/# cat /etc/postfix/ldap-senders.cf
bind = yes
bind_dn = cn=Administrator,cn=users,dc=internal,dc=DOMAIN,dc=com
bind_pw = SomeP@5sword
query_filter = (|(mail=%s)(proxyAddresses=smtp:%s)(memberOf=cn=Domain Admins,cn=Users,dc=*))
result_attribute = mail, uid
search_base = dc=internal,dc=DOMAIN,dc=com
server_host = dc1.internal.DOMAIN.com
start_tls = yes
version = 3
This allows the users to send email only from what is stored in their mail or proxyAddress attributes in Active Directory, or any member of Domain Admins to send emails as any user.
THE QUESTION:
Now I would like to add a new group Support Users, so that the members of this group can send email using what is stored in their mail attributes in AD (as shown above), or using support@DOMAIN.COM email (and this Email cannot be stored manually for every user as an alias, of course). How can I achieve this? I am not sure how I can achieve this using this LDAP filtering (if it is possible at all). It may look similar to this:
...
query_filter = (| ...
(&
(memberOf=cn=Support Users,cn=Users,dc=*)
(%s=support@DOMAIN.COM) # <<<<<<<<< HOW TO ACHIEVE THIS LOGIC?
)
)
...
