docker-mailserver ldap auth with AD userprincipalname and group delivery

docker-mailserver

LOG_LEVEL=debug
ONE_DIR=1
ENABLE_AMAVIS=0
ENABLE_OPENDKIM=0
ENABLE_OPENDMARC=0
ENABLE_CLAMAV=0
ENABLE_FAIL2BAN=0
ENABLE_SASLAUTHD=1
SASLAUTHD_MECHANISMS=rimap
SASLAUTHD_MECH_OPTIONS=127.0.0.1
ACCOUNT_PROVISIONER=LDAP
SPOOF_PROTECTION=1
LDAP_START_TLS=no
LDAP_SERVER_HOST=ad.demo
LDAP_SEARCH_BASE=CN=Users,DC=demo,DC=com
LDAP_BIND_DN=CN=svc_mailserver,CN=Users,DC=demo,DC=com
LDAP_BIND_PW=password
LDAP_QUERY_FILTER_DOMAIN=(|(mail=*@%s)(proxyAddresses=smtp:*@%s))
LDAP_QUERY_FILTER_USER=(&(objectclass=person)(mail=%s))
LDAP_QUERY_FILTER_ALIAS=(&(objectclass=person)(proxyAddresses=smtp:%s))
LDAP_QUERY_FILTER_GROUP=(&(objectClass=group)(|(mail=%s)(proxyAddresses=smtp:%s)))
LDAP_QUERY_FILTER_SENDERS=(|(mail=%s)(proxyAddresses=smtp:%s))
DOVECOT_AUTH_BIND=yes
DOVECOT_USER_FILTER=(&(objectclass=person)(|(userPrincipalName=%u)(mail=%u)))
DOVECOT_USER_ATTRS==uid=5000,=gid=5000,=home=/var/mail/%{ldap:userPrincipalName},=mail=maildir:~/Maildir
DOVECOT_PASS_ATTRS=userPrincipalName=user

user-patches.sh

sed -i 's/result_attribute = .*/result_attribute = userPrincipalName/' /etc/postfix/ldap-senders.cf
echo -e "special_result_attribute = member\nleaf_result_attribute = mail" >> /etc/postfix/ldap-groups.cf