diff --git a/defaults/main.yml b/defaults/main.yml
index a1b4216..4f10eb0 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -25,8 +25,12 @@ postfix:
     tls_key: /etc/ssl/private/ldap.key
     bind_dn: ""
     bind_pw: ""
-    search_base: ou=users,dc=example,dc=com
-    filter: "uid=%u"
+    users:
+      search_base: ou=users,dc=example,dc=com
+      filter: "uid=%u"
+    aliases:
+      search_base: ou=postfix,dc=example,dc=com
+      filter: ""
     result_attributes:
       aliases: mailForwardingAddress
       mailboxes: mailMessageStore
diff --git a/templates/saslauthd.conf.j2 b/templates/saslauthd.conf.j2
index 3cf24a0..ee7913d 100644
--- a/templates/saslauthd.conf.j2
+++ b/templates/saslauthd.conf.j2
@@ -6,9 +6,9 @@ ldap_tls_cert: {{ postfix.ldap.tls_cert }}
 ldap_tls_key: {{ postfix.ldap.tls_key }}
 ldap_bind_dn: {{ postfix.ldap.bind_dn }}
 ldap_bind_pw: {{ postfix.ldap.bind_pw }}
-ldap_search_base: {{ postfix.ldap.search_base }}
+ldap_search_base: {{ postfix.ldap.users.search_base }}
 ldap_scope: sub
-ldap_filter: {{ postfix.ldap.filter }}
+ldap_filter: {{ postfix.ldap.users.filter }}
 ldap_auth_method: bind
 {% else %}
 # LDAP is not configured for this server.
diff --git a/templates/virtual-aliases.cf.j2 b/templates/virtual-aliases.cf.j2
index 0f1896b..be4690a 100644
--- a/templates/virtual-aliases.cf.j2
+++ b/templates/virtual-aliases.cf.j2
@@ -3,8 +3,8 @@ server_host = {{ postfix.ldap.server.host }}
 server_port = {{ postfix.ldap.server.port }}
 bind_dn = {{ postfix.ldap.bind_dn }}
 bind_pw = {{ postfix.ldap.bind_pw }}
-search_base = {{ postfix.ldap.search_base }}
-query_filter = {{ postfix.ldap.filter }}
+search_base = {{ postfix.ldap.aliases.search_base }}
+query_filter = {{ postfix.ldap.aliases.filter }}
 result_attribute = {{ postfix.ldap.result_attributes.maildrop }}
 {% else %}
 # LDAP is not configured for this server.