fix(open-xchange): Add support for ldap based transport maps and virtual alias maps

helmfile/apps/open-xchange/values-postfix.yaml.gotmpl

@@ -78,6 +78,45 @@ postfix:
   staticAuthDB:
     enabled: false
 
+  ldapTransportMaps:
+    - host: "ums-ldap-server"
+      scheme: "ldap"
+      port: 389
+      baseDn: "{{ .Values.ldap.baseDn }}"
+      bindDn: "uid=ldapsearch_postfix,cn=users,{{ .Values.ldap.baseDn }}"
+      password:
+        value: {{ .Values.secrets.nubus.ldapSearch.postfix | quote }}
+      queryFilter: "(&(objectClass=person)(isOxUser=Not)(mailPrimaryAddress=%s))"
+      resultAttribute: "mailPrimaryAddress"
+      resultFormat: "smtp:legacySmtpServer1:25"
+    - host: "ums-ldap-server"
+      scheme: "ldap"
+      port: 389
+      baseDn: "{{ .Values.ldap.baseDn }}"
+      bindDn: "uid=ldapsearch_postfix,cn=users,{{ .Values.ldap.baseDn }}"
+      password:
+        value: {{ .Values.secrets.nubus.ldapSearch.postfix | quote }}
+      queryFilter: "(&(objectClass=person)(isOxUser=Not)(mailAlternativeAddress=%s))"
+      resultAttribute: "mailAlternativeAddress"
+      resultFormat: "smtp:legacySmtpServer2:25"
+
+  ldapVirtualAliasMaps:
+    - host: "ums-ldap-server"
+      scheme: "ldap"
+      port: 389
+      baseDn: "{{ .Values.ldap.baseDn }}"
+      bindDn: "uid=ldapsearch_postfix,cn=users,{{ .Values.ldap.baseDn }}"
+      password:
+        value: {{ .Values.secrets.nubus.ldapSearch.postfix | quote }}
+      # ldap filter to find groups with mail address
+      queryFilter: "(&(|(objectClass=univentionMailList)(objectClass=posixGroup))(|(mailPrimaryAddress=%s)(mailAlternativeAddress=%s)))"
+      # -- use this attribute if the query already returns email addresses of members and no recursive lookup needs to be done
+      resultAttribute: ""
+      # -- do a recursive search on the specified attribute if found, should be a DN
+      specialResultAttribute: "uniqueMember"
+      # -- return the following attribute from all found leaves when a recursive search is done
+      leafResultAttribute: "mailPrimaryAddress"
+
   {{- if .Values.antivirus.milter.host }}
   smtpdMilters: "inet:{{ .Values.antivirus.milter.host }}:{{ .Values.antivirus.milter.port }}"
   {{- else }}

helmfile/environments/default/charts.yaml.gotmpl

@@ -437,7 +437,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-postfix"
     name: "postfix"
-    version: "5.0.1"
+    version: "5.0.2"
     verify: true
   postgresql:
     # providerCategory: "Platform"

helmfile/environments/default/images.yaml.gotmpl

@@ -914,7 +914,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/postfix"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/postfix"
-    tag: "3.0.3@sha256:12bcebf57ddb53258c48eaa60e9c25b441f4319ee1b94b363c652ad0a992a875"
+    tag: "3.0.4@sha256:5b17c801283215b13e8305b0be1497d70c232e8ea8414f965cd1010333ae95ab"
   postfixBootstrap:
     # providerCategory: "Community"
     # providerResponsible: "openDesk"

helmfile/environments/default/secrets.yaml.gotmpl

@@ -32,6 +32,7 @@ secrets:
       dovecot: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_dovecot" | sha1sum | quote }}
       element: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_element" | sha1sum | quote }}
       ox: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_ox" | sha1sum | quote }}
+      postfix: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_postfix" | sha1sum | quote }}
       openproject: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_openproject" | sha1sum | quote }}
       xwiki: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_xwiki" | sha1sum | quote }}
     systemAccounts: