Discussion:
Example of LDAP or mysql site-wide black/white listing?
David Dodd
2018-03-26 02:01:41 UTC
I am trying to implement either LDAP or mysql based site-wide black/white lists.

My current configuration is using a site-wide soft white/black list
configured in amavisd.conf using

read_hash("/var/amavis/sender_scores_sitewide"),

My understanding from reading the README.sql-mysql & README.ldap is that ...

LDAP gives me hard per-recipient black/white lists.

mysql will give me either soft or hard, per-recipient black/white lists.

Am I correct, or am I missing something?

If someone has a working LDAP based site-wide soft black/white list, can you
point at how to do this?

If someone has a working mysql site-wide soft black/white list, can you point
me at how to achieve this?

Thanks in advance,

-- David Dodd
Martin Johannes Dauser
2018-03-27 09:59:14 UTC
Hi,

I myself haven't used LDAP in conjunction with amavis, but from a quick read of
the documentation I'd say you may get a __userbased__ hard
black/whitelist with LDAP using attributes 'amavisBlacklistSender' and
'amavisWhitelistSender'.

Point is, those attributes can only save the sender's addresses,
nothing more. So soft black/whitelisting with its spamassassin score
modifier can't be defined. I guess LDAP is quite limited regarding
saving a value pair to an attribute, especially if multiple pairs
should be possible.

I think, there is no way to define a __site-wide__ whitelist with LDAP
as those entries are always within a user's LDAP entry. But you may
combine a lookup to a site-wide static file with a user based LDAP
lookup. 'The SQL and LDAP are somewhat specific and are always
consulted first.'[1] So, as soon as LDAP is enabled it should be
considered:

$enable_ldap  = 1;
$ldap_lookups_no_at_means_domain = 0;  # 0 is the default; may be set to 1

$default_ldap = {
  hostname      => [ 'localhost', 'ldap2.example.com' ],
  timeout       => 5,
  tls           => 0,
  base          => 'ou=People,dc=example,dc=com',
  query_filter  => '(&(objectClass=amavisAccount)(mail=%m))',
};

read_hash(\%whitelist_sender, '/etc/amavis/whitelist');
@whitelist_sender_maps = (\%whitelist_sender);

[1] https://www.ijs.si/software/amavisd/README.ldap

Best regards
Martin Johannes Dauser
Post by David Dodd
LDAP gives me hard per-recipient black/white lists.
Am I correct, or am I missing something?
If someone has a working LDAP based site-wide soft black/white list, can you
point at how to do this?
Thanks in advance,
-- David Dodd
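
A sketch of the combination discussed in this thread, added here as an example and not taken from either poster or from the amavisd documentation: LDAP supplies the per-recipient hard lists, while @score_sender_maps supplies the site-wide soft list from the static file. The LDAP values repeat those in the reply; the addresses and scores are constructed, and it assumes the static maps are still consulted when LDAP is enabled.

```perl
# Fragment for amavisd.conf (added example; addresses and scores are constructed).

# Per-recipient HARD lists: amavisWhitelistSender / amavisBlacklistSender
# are read from the recipient's own LDAP entry.
$enable_ldap  = 1;
$default_ldap = {
  hostname     => [ 'localhost' ],
  timeout      => 5,
  tls          => 0,
  base         => 'ou=People,dc=example,dc=com',
  query_filter => '(&(objectClass=amavisAccount)(mail=%m))',
};

# Site-wide SOFT list: static lookup tables keyed by recipient.
# The key '.' matches any recipient, so everything under it is site-wide.
# Positive scores push towards spam (soft blacklist), negative scores
# towards ham (soft whitelist). Within '.', the first table that matches
# the sender decides the score.
@score_sender_maps = ({
  '.' => [
    # File with one "sender score" pair per line, for example:
    #   newsletter@partner.example   -3.0
    #   .bulk.example                 5.0
    read_hash("/var/amavis/sender_scores_sitewide"),

    # Inline entries, consulted only if the file had no match.
    # Envelope senders are trivially forged, so keep negative scores modest.
    {
      'billing@supplier.example' => -2.0,
      'offers@promo.example'     =>  4.0,
    },
  ],
});
```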