diff --git a/default.nix b/default.nix
index 3f46610..89936fe 100644
--- a/default.nix
+++ b/default.nix
@@ -210,6 +210,15 @@ in
 ldap = {
 enable = mkEnableOption "LDAP support";
+ domains = mkOption {
+ type = types.listOf types.str;
+ default = config.mailserver.domains;
+ example = ''[ "example.com" "example.org" ]'';
+ description = ''
+ Domains which ldap users are allowed to use.
+ '';
+ };
+
 uris = mkOption {
 type = types.listOf types.str;
 example = literalExpression ''
diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index d1c59b2..f7a33b0 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -150,6 +150,7 @@ let
 tls_ca_cert_file = ${cfg.ldap.tlsCAFile}
 tls_require_cert = yes
+ domain = ${lib.concatStringsSep ", " cfg.ldap.domains}
 search_base = ${cfg.ldap.searchBase}
 scope = ${cfg.ldap.searchScope}
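Review bot: In default.nix the new `ldap.domains` option sets `default = config.mailserver.domains` without a `defaultText`, and its `example` is a plain string although the neighbouring `uris` option wraps its example in `literalExpression`. I would add `defaultText = literalExpression "config.mailserver.domains";` and write `example = literalExpression ''[ "example.com" "example.org" ]'';` so the generated option documentation shows the expression instead of evaluating `config`. The description is also vague about what "allowed to use" restricts; since postfix.nix emits the list as the `domain` filter of the LDAP lookup config, something like `Mail domains for which addresses are looked up in LDAP. Defaults to all domains served by this mailserver.` would tell an operator what the allowlist controls. The `ldap` attribute set continues outside the hunk.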
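Review bot: In mail-server/postfix.nix the added `domain = ${lib.concatStringsSep ", " cfg.ldap.domains}` line fails open when `cfg.ldap.domains` is an empty list: the rendered line is `domain =` with no value, and Postfix's ldap_table applies no domain restriction when no list is given, so an operator who empties the allowlist gets lookups for every domain instead of none. An assertion wherever the module collects its assertions would catch this at evaluation time, e.g. `{ assertion = !cfg.ldap.enable || cfg.ldap.domains != [ ]; message = "mailserver.ldap.domains must not be empty when LDAP is enabled"; }`. Postfix also reads entries in this list that contain `/` or `:` as file paths or `type:table` references, so `types.listOf types.str` is looser than the option's intent and could be narrowed to plain domain names. The surrounding LDAP config string starts and ends outside the hunk, so I cannot see which lookup maps inherit this filter.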