I have been asked to come up with an LDAP setup and filter for our mail servers which they will use to determine an email's policy for anti-spam etc. The filter needs to check LDAP for a specific user, but if there is no user and policy defined then to use the settings that have been configured for the domain. I have the simplified objects:

---- User object -----
dn: uid=user at mydomain.com
mailpolicy: PolicyA

--- Domain object ----
dn: uid=mydomain.com
mailpolicy: policyB

Is it possible to have a filter that will match the user object if it exists, and fall back to the domain object if not? I don't think this is possible myself as surely the filter is being applied to a single object at a time and not checking for the existence of 1 object before matching another? I initially thought:

(&(uid=$user) (mailpolicy=$policy))

But that would just match either object and not _only_ match the domain object if the user object does not exist.

Is this possible with an LDAP filter or is there some other cunning way to achieve this?
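
Added example, not part of the original post: an LDAP filter is evaluated against one entry at a time, so one way to get the fallback is to fetch both candidate entries with a single OR filter and choose between them in the client. The helper names are hypothetical, `uid` as the lookup attribute is assumed from the DNs above, the sample entries are constructed, and the recipient address is escaped per RFC 4515 because it comes from untrusted mail.

```python
# Added example; helper names and sample entries are constructed for illustration.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape RFC 4515 filter metacharacters in an untrusted value."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def build_policy_filter(address):
    """One filter that matches the user entry or the domain entry,
    but only if the entry actually carries a mailpolicy value."""
    local, sep, domain = address.rpartition("@")
    if not (local and sep and domain):
        raise ValueError("not a full mail address: %r" % address)
    return "(&(mailpolicy=*)(|(uid=%s)(uid=%s)))" % (
        escape_filter_value(address), escape_filter_value(domain))

def pick_policy(address, entries):
    """Choose from search results: user entry first, then domain entry.
    entries is a list of (dn, attrs) pairs, attrs mapping name -> list."""
    domain = address.rpartition("@")[2]
    by_uid = {}
    for _dn, attrs in entries:
        for uid in attrs.get("uid", []):
            by_uid[uid.lower()] = attrs
    for key in (address.lower(), domain.lower()):
        policies = by_uid.get(key, {}).get("mailpolicy")
        if policies:
            return policies[0]
    return None

# Constructed search results mirroring the two objects in the post.
SAMPLE = [
    ("uid=mydomain.com", {"uid": ["mydomain.com"], "mailpolicy": ["policyB"]}),
    ("uid=user@mydomain.com", {"uid": ["user@mydomain.com"], "mailpolicy": ["PolicyA"]}),
]

if __name__ == "__main__":
    for rcpt in ("user@mydomain.com", "other@mydomain.com"):
        print(build_policy_filter(rcpt), "->", pick_policy(rcpt, SAMPLE))
```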