diff -upr ../postfix-2.2.3.orig/src/global/dict_ldap.c ./src/global/dict_ldap.c
--- ../postfix-2.2.3.orig/src/global/dict_ldap.c	2005-03-08 19:58:44.000000000 +0100
+++ ./src/global/dict_ldap.c	2005-07-19 02:46:30.000000000 +0200
@@ -60,6 +60,12 @@
 /* .IP special_result_attribute
 /*	The attribute(s) of directory entries that can contain DNs or URLs.
 /*	If found, a recursive subsequent search is done using their values.
+/* .IP exclude_internal
+/*      Used in conjunction with \fIspecial_result_attribute\fR. If set to 
+/*      yes, only matching objects without \fIspecial_result_attribute\fR
+/*      attributes are included in the result. The default is no.
+/*      This feature was added due to a Kolab2 requirement and is an external
+/*      patch for Postfix.
 /* .IP scope
 /*	LDAP search scope: sub, base, or one.
 /* .IP bind
@@ -226,6 +230,7 @@ typedef struct {
     char   *search_base;
     ARGV   *result_attributes;
     int     num_attributes;		/* rest of list is DN's. */
+    int     exclude_internal;
     int     bind;
     char   *bind_dn;
     char   *bind_pw;
@@ -717,6 +722,7 @@ static void dict_ldap_get_values(DICT_LD
     char   *myname = "dict_ldap_get_values";
     struct timeval tv;
     LDAPURLDesc *url;
+    int     is_leaf;
 
     tv.tv_sec = dict_ldap->timeout;
     tv.tv_usec = 0;
@@ -744,6 +750,27 @@ static void dict_ldap_get_values(DICT_LD
 		     dict_ldap->size_limit);
 	    dict_errno = DICT_ERR_RETRY;
 	}
+
+	/*
+	 * The number of ordinary attributes is "num_attributes". We run through
+	 * the "special" attributes and check if any of them are present in the
+	 * object. If yes, then is_leaf = 0, else is_leaf = 1
+	 */
+	is_leaf = 1;
+	if (dict_ldap->exclude_internal) {
+	    for (i = dict_ldap->num_attributes; dict_ldap->result_attributes->argv[i]; i++) {
+		attr = dict_ldap->result_attributes->argv[i];
+		vals = ldap_get_values(dict_ldap->ld, entry, attr);
+		if (vals) {
+		    if (ldap_count_values(vals) > 0) {
+			is_leaf = 0;
+			ldap_value_free(vals);
+			break;
+		    }
+		    ldap_value_free(vals);	    
+		}
+	    }
+	}
 	for (attr = ldap_first_attribute(dict_ldap->ld, entry, &ber);
 	     attr != NULL;
 	     ldap_memfree(attr), attr = ldap_next_attribute(dict_ldap->ld,
@@ -791,6 +818,7 @@ static void dict_ldap_get_values(DICT_LD
 	     */
 	    if (i < dict_ldap->num_attributes) {
 		/* Ordinary result attribute */
+	        if(is_leaf) {
 		for (i = 0; vals[i] != NULL; i++) {
 		    if (db_common_expand(dict_ldap->ctx,
 					 dict_ldap->result_format, vals[i],
@@ -809,6 +837,7 @@ static void dict_ldap_get_values(DICT_LD
 		    msg_info("%s[%d]: search returned %ld value(s) for"
 			     " requested result attribute %s",
 			     myname, recursion, i, attr);
+		}
 	    } else if (recursion < dict_ldap->recursion_limit
 		       && dict_ldap->result_attributes->argv[i]) {
 		/* Special result attribute */
@@ -1351,6 +1380,11 @@ DICT   *dict_ldap_open(const char *ldaps
     myfree(attr);
 
     /*
+     * get configured value of "exclude_internal", default to no
+     */
+    dict_ldap->exclude_internal = cfg_get_bool(dict_ldap->parser, "exclude_internal", 0);    
+
+    /*
      * get configured value of "bind"; default to true
      */
     dict_ldap->bind = cfg_get_bool(dict_ldap->parser, "bind", 1);