Postfix+LDAP not dropping to the right user

I'm working on moving my mail from Postfix + Cyrus with all my virtual users in Cyrus' sasl database to Postfix + Dovecot with all my virtual users in an LDAP database.

I have my test user in LDAP, test@foo.com, which has mailAlternateAddress'es test1@foo.com and test2@foo.com. test@foo.com's uid is "nottest".

In postfix's main.cf, I set

alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap.cf

and in ldap.cf, I have:

server_host = ldapserver

search_base = dc=foo, dc=com

query_filter = (|(mail=%s)(mailAlternateAddress=%s))

result_attribute = uid

I'm expecting postfix to do a search like "(|(mail=test2@foo.com)(mailAlternateAddress=test2@foo.com))" (which I tested, and got my nottest uid), return the uid, and call dovecot's deliver with the uid "nottest" as the user. Instead, its calling deliver and delivering to the user part of the email address, e.g. test2, test1.

I tried a postmap -vq "test2@foo.com" ldap:/etc/postfix/ldap.cf, and it returned the UID I expected. So, there's nothing wrong with the LDAP config, it's gotta be something that happens between the lookup and the handoff to dovecot's deliver. Right now I suspect its my line in master.cf:

dovecot unix - n n - - pipe

flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}

I think $user is the wrong variable to use, but I'm not sure how to tell Postfix to deliver to the LDAP UID, not dumbly deliver to test2.

Also, I noticed that Postfix isn't bouncing mails to addresses that don't exist. I emailed barf@foo.org, and Postfix just dropped off the mail to the non-existent mail user "barf".

Anyone know what I'm missing?

Thanks!