diff -p -up cyrus-imapd-2.3.16/configure.in.kolab-ldap cyrus-imapd-2.3.16/configure.in
--- cyrus-imapd-2.3.16/configure.in.kolab-ldap	2009-12-21 13:09:10.000000000 +0000
+++ cyrus-imapd-2.3.16/configure.in	2010-09-05 17:49:48.436656999 +0000
@@ -1214,7 +1214,7 @@ for flag in ${ldflags} ${default_ldflags
 done
 
 IMAP_COM_ERR_LIBS="${COM_ERR_LIBS}"
-IMAP_LIBS="${LIB_SASL} ${LIBS} ${SQL_LIBS}"
+IMAP_LIBS="${LIB_SASL} -lldap -llber ${LIBS}"
 
 AC_SUBST(LIB_RT)
 AC_SUBST(IMAP_COM_ERR_LIBS)
diff -p -up cyrus-imapd-2.3.16/configure.kolab-ldap cyrus-imapd-2.3.16/configure
--- cyrus-imapd-2.3.16/configure.kolab-ldap	2009-12-21 13:17:55.000000000 +0000
+++ cyrus-imapd-2.3.16/configure	2010-09-05 17:49:48.436656999 +0000
@@ -21243,7 +21243,7 @@ for flag in ${ldflags} ${default_ldflags
 done
 
 IMAP_COM_ERR_LIBS="${COM_ERR_LIBS}"
-IMAP_LIBS="${LIB_SASL} ${LIBS} ${SQL_LIBS}"
+IMAP_LIBS="${LIB_SASL} -lldap -llber ${LIBS}"
 
 
 
diff -p -up cyrus-imapd-2.3.16/imap/global.c.kolab-ldap cyrus-imapd-2.3.16/imap/global.c
--- cyrus-imapd-2.3.16/imap/global.c.kolab-ldap	2009-10-13 15:10:36.000000000 +0000
+++ cyrus-imapd-2.3.16/imap/global.c	2010-09-05 17:49:48.436656999 +0000
@@ -54,6 +54,9 @@
 #include <netinet/in.h>
 #include <sys/stat.h>
 
+#include <ldap.h>
+#include <lber.h>
+
 #if HAVE_UNISTD_H
 # include <unistd.h>
 #endif
@@ -383,6 +386,18 @@ char *canonify_userid(char *user, char *
     char *domain = NULL;
     int len = strlen(user);
     char buf[81];
+    const char *uri;
+    const char *base;
+    const char *binddn;
+    const char *bindpw;
+    struct timeval timeout;
+    char filter[255];
+    LDAP *handle;
+    LDAPMessage *res;
+    LDAPMessage *entry;
+    char ** vals;
+
+    int rc;
 
     /* check for domain */
     if (config_virtdomains &&
@@ -401,6 +416,47 @@ char *canonify_userid(char *user, char *
     }
 
     if (config_virtdomains) {
+        if (config_virtdomains == IMAP_ENUM_VIRTDOMAINS_LDAP) {
+           uri = config_getstring(IMAPOPT_LDAP_URI);
+           base = config_getstring(IMAPOPT_LDAP_BASE);
+           binddn = config_getstring(IMAPOPT_LDAP_BIND_DN);
+           bindpw = config_getstring(IMAPOPT_LDAP_PASSWORD);
+           timeout.tv_sec = config_getint(IMAPOPT_LDAP_TIME_LIMIT);
+           timeout.tv_usec = 0;
+           sprintf(filter, "(uid=%s)", user);
+           rc = ldap_initialize(&handle, uri);
+           if (rc != LDAP_SUCCESS) {
+                syslog(LOG_ERR, "ldap_initialize failed (%s)", uri);
+           } else {
+	        rc = ldap_simple_bind_s(handle, binddn, bindpw);
+	        if (rc != LDAP_SUCCESS) {
+                     syslog(LOG_ERR, "ldap_simple_bind() failed %d (%s)", rc, ldap_err2string(rc));
+	        } else {
+	             rc = ldap_search_st(handle, base, LDAP_SCOPE_SUBTREE, filter, NULL, 0, &timeout, &res);
+                     if (rc != LDAP_SUCCESS) {
+                          syslog(LOG_ERR, "ldap_search_st failed %d (%s)", rc, ldap_err2string(rc));
+                     } else {
+	                  if ( (entry = ldap_first_entry(handle, res)) != NULL ) {
+			       // read mail attribute from entry
+			       if ( (vals = ldap_get_values(handle, entry, "mail")) ) {
+  				    if (strchr(vals[0], '@')) {
+				        static char buf[81]; /* same size as in auth_canonifyid */
+					strncpy( buf, vals[0], sizeof(buf) );
+					buf[80] = '\0'; /* make sure it's null-terminated */
+					ldap_value_free( vals );
+				        ldap_msgfree( res );
+					ldap_unbind_s(handle); /* also frees handle */
+				        return auth_canonifyid( buf, 0) ;
+				    }
+				    ldap_value_free( vals );
+			       }			       	
+   	                  }
+			  ldap_msgfree( res );
+                     }
+                }
+		ldap_unbind_s(handle); /* also frees handle */
+           }
+        }
 	if (domain) {
 	    if (config_defdomain && !strcasecmp(config_defdomain, domain+1)) {
 		*domain = '\0'; /* trim the default domain */
@@ -413,7 +469,7 @@ char *canonify_userid(char *user, char *
 		user = buf;
 	    }
 	}
-	else if (config_virtdomains != IMAP_ENUM_VIRTDOMAINS_USERID) {
+	else if (config_virtdomains != IMAP_ENUM_VIRTDOMAINS_USERID && config_virtdomains != IMAP_ENUM_VIRTDOMAINS_LDAP) {
 	    socklen_t salen;
 	    int error;
 	    struct sockaddr_storage localaddr;
diff -p -up cyrus-imapd-2.3.16/lib/imapoptions.kolab-ldap cyrus-imapd-2.3.16/lib/imapoptions
--- cyrus-imapd-2.3.16/lib/imapoptions.kolab-ldap	2010-09-05 17:49:48.416657008 +0000
+++ cyrus-imapd-2.3.16/lib/imapoptions	2010-09-05 17:49:48.436656999 +0000
@@ -1266,7 +1266,7 @@ product version in the capabilities */
    mailbox hierarchy.  The default is to use the netnews separator
    character '.'. */
 
-{ "virtdomains", "off", ENUM("off", "userid", "on") }
+{ "virtdomains", "off", ENUM("off", "userid", "ldap", "on") }
 /* Enable virtual domain support.  If enabled, the user's domain will
    be determined by splitting a fully qualified userid at the last '@'
    or '%' symbol.  If the userid is unqualified, and the virtdomains
diff -p -up cyrus-imapd-2.3.16/lib/imapopts.c.kolab-ldap cyrus-imapd-2.3.16/lib/imapopts.c
--- cyrus-imapd-2.3.16/lib/imapopts.c.kolab-ldap	2009-12-21 13:17:55.000000000 +0000
+++ cyrus-imapd-2.3.16/lib/imapopts.c	2010-09-05 17:59:05.394655956 +0000
@@ -790,6 +790,7 @@ struct imapopt_s imapopts[] =
     {(void *)(IMAP_ENUM_VIRTDOMAINS_OFF)},
     { { "off" , IMAP_ENUM_VIRTDOMAINS_OFF },
       { "userid" , IMAP_ENUM_VIRTDOMAINS_USERID },
+      { "ldap" , IMAP_ENUM_VIRTDOMAINS_LDAP },
       { "on" , IMAP_ENUM_VIRTDOMAINS_ON },
       { NULL, IMAP_ENUM_ZERO } } },
 
diff -p -up cyrus-imapd-2.3.16/lib/imapopts.h.kolab-ldap cyrus-imapd-2.3.16/lib/imapopts.h
--- cyrus-imapd-2.3.16/lib/imapopts.h.kolab-ldap	2009-12-21 13:17:55.000000000 +0000
+++ cyrus-imapd-2.3.16/lib/imapopts.h	2010-09-05 17:49:48.436656999 +0000
@@ -275,7 +275,8 @@ enum enum_value {
   IMAP_ENUM_SIEVE_EXTENSIONS_COPY = (1<<11),
   IMAP_ENUM_VIRTDOMAINS_OFF = 0,
   IMAP_ENUM_VIRTDOMAINS_USERID,
-  IMAP_ENUM_VIRTDOMAINS_ON
+  IMAP_ENUM_VIRTDOMAINS_ON,
+  IMAP_ENUM_VIRTDOMAINS_LDAP
 
 };