Q&A: Which mail fields for users are available in UCS?


Which mail fields for users are available, what is their Use Case and how can I insert a mailaddress with a foreign domain?


There are 5 standard fields for mail adresses:

  1. mailPrimaryAddress
  2. mailAlternativeAddress
  3. mailForwardAddress
  4. e-mail
  5. PasswordRecoveryEmail


Primary mail address

UMC category: Users β†’ General β†’ Primary e-mail address
UDM name: mailPrimaryAddress
LDAP attribute: mailPrimaryAddress

If a mail home server is assigned to the user, a mailbox is generated when entering a primary mail address. The mail domain must be managed by UCS as mails to these domains are delivered locally and therefore wont leave the server. For more info see: https://docs.software-univention.de/manual-4.4.html#mail::management::domains

Alternative mail address

UMC category: Users β†’ Advanced settings β†’ Mail β†’ Alternative e-mail address (Can be used multiple times)
UDM name: mailAlternativeAddress
LDAP attribute: mailAlternativeAddress

Addresses entered as alternative mail addresses generate an alias for the mailbox generated by the primary address so the same rules apply to these adresses as well.
They do not have to be unique so that multiple users can have the same alias assigned and therefore will receive mails mutually.

Forward mail address

UMC category: Users β†’ Advanced settings β†’ Mail β†’ Forward e-mail address (Can be used multiple times)
UDM name: mailForwardAddress
LDAP attribute: mailForwardAddress

The forward addresses are used to forward mails received by the primary/alternative address. They do not have to be unique and can the domain can be external, so this address can be used to deliver internal mail to external accounts.

Contact mail address

UMC category: Users β†’ Contact β†’ E-mail address (Can be used multiple times)
UDM name: e-mail
LDAP attribute: mail

This field can safely be used with external mail domains as no domain rules apply. It corresponds with the LDAP standard field mail so that mailPrimaryAddress does not break compatibility on LDAP level.

Password recovery mail address

UMC category: Users β†’ Password recovery β†’ E-mail address
UDM name: PasswordRecoveryEmail
LDAP attribute: univentionPasswordSelfServiceEmail

If the Self-Service Backend is installed, users can provide a password recovery mail address to which a mail is sent if the password got lost.
If a user has verified this address, PasswordRecoveryEmailVerified is set to TRUE so one can be sure that this address does work.

Syntax Check

The domain check as well as the check if the entered value is a correct formatted mail address is done via the UDM Syntax.
If it is necessary to skip these checks, the syntax class can be overwritten as documented: https://docs.software-univention.de/developer-reference.html#udm:syntax:overwrite
For the alternative mail address this would be:

ucr set directory/manager/web/modules/users/user/properties/mailAlternativeAddress/syntax=string
service univention-management-console-server restart

Please be advised that this can have a negative impact as some services might assume that all values are indeed correct mail addresses below a managed domain.

UCS@school context

In context of UCS@school additional logic may apply:


The primary mail address is mapped to the key email, but may also be generated via a provided maildomain and scheme as documented: https://docs.software-univention.de/ucsschool-import-handbuch-4.4.html#configuration:scheme_formatting. Furthermore the noted restrictions apply here as well so you need to make sure that the domain is managed correctly.

Kelvin API

When interacting with Users via the Kelvin REST API, the same naming applies, but the position differs:

  • email as a direct property maps to primary mail address
  • Other mail adresses can be used as an element of udm_properties if mapped, their naming corresponds to their UDM attribute (e.g. e-mail as the contact mail address)

This Q&A is based on the Thread E-Mail-Adressen mit unbekannter DomΓ€ne.

1 Like

This topic was automatically closed after 60 minutes. New replies are no longer allowed.