Hi Bob,
im playing with kopano and AD LDAP since many days now.
Yes you are right the kopanoDynamicGroups and kopanoAddressLists are handled by kopano internally befor any postfix aktivities.
But you can play with additional virtual_alias_maps as i did.
The special_result_attribut is used for recursion, but it must be a DN or LDAP URL.
The kopanoFilter Attribute used by kopano is only a query fragment, and can not directly be used with special_result_attribut :-(
Assuming our kopanoDynamicGroup named grp-London has a kopanoFilter like this with email grp-london@<your-domain>
(physicalDeliveryOfficeName=London)
we expect something like this as URL result to use with special_result_attribut
ldap://<your-server-ip>:389/ou=users,dc=<your>,dc=<domain>?mail?sub?(physicalDeliveryOfficeName=London)
unfortunately we can not use URI with kopanoFilter :-(
My Workaround:
When using the dangerous ADSI-Editor you can change the attribute url of your kopanoDynamicGroup to use as our LDAP URI
And here is what we use in virtual_alias_maps
Our testfile ldap-kopano-dynGroup.cf
server_host = ldap://<your-server-ip>
server_port = 389
search_base = dc=<your>,dc=<domain>
version = 3
bind = yes
bind_dn = <your-bind-dn>
bind_pw = <your-bind-password>
query_filter = (&(objectclass=kopanoDynamicGroup)(kopanoAccount=1)(|(mail=%s)(otherMailbox=%s)))
result_attribute = sn
leaf_result_attribute = mail
special_result_attribute = url
running the command
postmap -v -q grp-london@<your-domain> /etc/postfix/ldap-kopano-dynGroup.cf
should now show the ldap queries and results we expect from within postfix.
Simply copy ldap-kopano-dynGroup.cf to ldap-kopano-addrList.cf and change the objectClass to kopanoAddrList to get the same for Addresslists.
You can also combine the query_filter to match both
Have fun
Tom
PS: as far as i know, there is no option to rewrite the results of special_result_attribute to prepend a string to kopanoFilter with something like result_format = ldap:// … … … %s
