From b2e3771de107f131af0820a30aaaec7fda9e4898 Mon Sep 17 00:00:00 2001 From: skywalker Date: Thu, 17 Oct 2024 10:19:15 +0800 Subject: [PATCH 1/5] SSO_LDAP_USE_SAME_UID --- manual/deploy/ldap_in_11.0.md | 8 ++++++++ manual/upgrade/upgrade_notes_for_11.0.x.md | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/manual/deploy/ldap_in_11.0.md b/manual/deploy/ldap_in_11.0.md index ea14fc388..f7e137adf 100644 --- a/manual/deploy/ldap_in_11.0.md +++ b/manual/deploy/ldap_in_11.0.md @@ -113,3 +113,11 @@ If your LDAP service supports TLS connections, you can configure `LDAP_SERVER_UR ```python LDAP_SERVER_URL = 'ldaps://192.168.0.1:636/' ``` + +### SSO and LDAP users use the same uid + +If you use both ldap and SSO (enable LDAP user sync with ADFS/OAuth), and the uids of ldap and sso users are the same, you can configure `SSO_LDAP_USE_SAME_UID = True` to make different authentication methods point to the same Seafile user. + +```python +SSO_LDAP_USE_SAME_UID = True +``` diff --git a/manual/upgrade/upgrade_notes_for_11.0.x.md b/manual/upgrade/upgrade_notes_for_11.0.x.md index 6f262f43f..fd2060105 100644 --- a/manual/upgrade/upgrade_notes_for_11.0.x.md +++ b/manual/upgrade/upgrade_notes_for_11.0.x.md @@ -179,6 +179,12 @@ DEL_GROUP_IF_NOT_FOUND = False # Set to "true", sync process will dele DEL_DEPARTMENT_IF_NOT_FOUND = False # Set to "true", sync process will deleted the department if not found it in LDAP server. ``` +If you use both ldap and SSO (enable LDAP user sync with ADFS/OAuth), and the uids of ldap and sso users are the same, you can configure `SSO_LDAP_USE_SAME_UID = True` to make different authentication methods point to the same Seafile user. + +```python +SSO_LDAP_USE_SAME_UID = True +``` + #### Migrate LDAP records Run the following script to migrate users in `LDAPImported` to `EmailUsers` From 45a85deac264a8a8240d5f44a37d9f8fa3ac2709 Mon Sep 17 00:00:00 2001 
From: skywalker Date: Thu, 17 Oct 2024 10:45:03 +0800 Subject: [PATCH 2/5] SSO_LDAP_USE_SAME_UID in pro --- manual/deploy/ldap_in_11.0.md | 8 -------- manual/deploy_pro/ldap_in_11.0.md | 8 ++++++++ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/manual/deploy/ldap_in_11.0.md b/manual/deploy/ldap_in_11.0.md index f7e137adf..ea14fc388 100644 --- a/manual/deploy/ldap_in_11.0.md +++ b/manual/deploy/ldap_in_11.0.md @@ -113,11 +113,3 @@ If your LDAP service supports TLS connections, you can configure `LDAP_SERVER_UR ```python LDAP_SERVER_URL = 'ldaps://192.168.0.1:636/' ``` - -### SSO and LDAP users use the same uid - -If you use both ldap and SSO (enable LDAP user sync with ADFS/OAuth), and the uids of ldap and sso users are the same, you can configure `SSO_LDAP_USE_SAME_UID = True` to make different authentication methods point to the same Seafile user. - -```python -SSO_LDAP_USE_SAME_UID = True -``` diff --git a/manual/deploy_pro/ldap_in_11.0.md b/manual/deploy_pro/ldap_in_11.0.md index 7376c84f9..20d396eb0 100644 --- a/manual/deploy_pro/ldap_in_11.0.md +++ b/manual/deploy_pro/ldap_in_11.0.md @@ -422,6 +422,14 @@ DEL_GROUP_IF_NOT_FOUND = False # Set to "true", sync process will dele DEL_DEPARTMENT_IF_NOT_FOUND = False # Set to "true", sync process will deleted the department if not found it in LDAP server. ``` +### SSO and LDAP users use the same uid + +If you use both ldap and SSO (enable LDAP user sync with ADFS/OAuth), and the uids of ldap and sso users are the same, you can configure `SSO_LDAP_USE_SAME_UID = True` to make different authentication methods point to the same Seafile user. + +```python +SSO_LDAP_USE_SAME_UID = True +``` + ## Importing Roles from LDAP Seafile Pro Edition supports syncing roles from LDAP or Active Directory. From 76a0c881ae2fc953f2258eae9c1651bf1a12f6db Mon Sep 17 00:00:00 2001 
From: Daniel Pan Date: Thu, 17 Oct 2024 10:58:24 +0800 Subject: [PATCH 3/5] Update ldap_in_11.0.md --- manual/deploy_pro/ldap_in_11.0.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/manual/deploy_pro/ldap_in_11.0.md b/manual/deploy_pro/ldap_in_11.0.md index 20d396eb0..f5fda5788 100644 --- a/manual/deploy_pro/ldap_in_11.0.md +++ b/manual/deploy_pro/ldap_in_11.0.md @@ -424,12 +424,14 @@ DEL_DEPARTMENT_IF_NOT_FOUND = False # Set to "true", sync process will dele ### SSO and LDAP users use the same uid -If you use both ldap and SSO (enable LDAP user sync with ADFS/OAuth), and the uids of ldap and sso users are the same, you can configure `SSO_LDAP_USE_SAME_UID = True` to make different authentication methods point to the same Seafile user. +If you sync users from LDAP to Seafile, when the user login via SSO (ADFS or OAuth), you want Seafile to find the existing account for this user instead of creating a new one, you can set `SSO_LDAP_USE_SAME_UID = True`: ```python SSO_LDAP_USE_SAME_UID = True ``` +Note, here the UID means the unique user ID, in LDAP it is the attribute you use for `LDAP_LOGIN_ATTR`, in ADFS it is `uid` attribute. You need make sure you use the same attribute for the two settings. + ## Importing Roles from LDAP Seafile Pro Edition supports syncing roles from LDAP or Active Directory. From 14becebef21d13b246dea4b6cbafa2ac7c028950 Mon Sep 17 00:00:00 2001 From: Daniel Pan Date: Thu, 17 Oct 2024 10:59:58 +0800 Subject: [PATCH 4/5] Update upgrade_notes_for_11.0.x.md --- manual/upgrade/upgrade_notes_for_11.0.x.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/manual/upgrade/upgrade_notes_for_11.0.x.md b/manual/upgrade/upgrade_notes_for_11.0.x.md index fd2060105..e39374908 100644 --- a/manual/upgrade/upgrade_notes_for_11.0.x.md +++ b/manual/upgrade/upgrade_notes_for_11.0.x.md 
@@ -179,12 +179,14 @@ DEL_GROUP_IF_NOT_FOUND = False # Set to "true", sync process will dele DEL_DEPARTMENT_IF_NOT_FOUND = False # Set to "true", sync process will deleted the department if not found it in LDAP server. ``` -If you use both ldap and SSO (enable LDAP user sync with ADFS/OAuth), and the uids of ldap and sso users are the same, you can configure `SSO_LDAP_USE_SAME_UID = True` to make different authentication methods point to the same Seafile user. +If you sync users from LDAP to Seafile, when the user login via SSO (ADFS or OAuth), you want Seafile to find the existing account for this user instead of creating a new one, you can set `SSO_LDAP_USE_SAME_UID = True`: ```python SSO_LDAP_USE_SAME_UID = True ``` +Note, here the UID means the unique user ID, in LDAP it is the attribute you use for `LDAP_LOGIN_ATTR` (not `LDAP_UID_ATTR`), in ADFS it is `uid` attribute. You need make sure you use the same attribute for the two settings. + #### Migrate LDAP records Run the following script to migrate users in `LDAPImported` to `EmailUsers` From 7635c16e1492c532c0639e909e56146f83ee4912 Mon Sep 17 00:00:00 2001 From: Daniel Pan Date: Thu, 17 Oct 2024 11:00:41 +0800 Subject: [PATCH 5/5] Update ldap_in_11.0.md --- manual/deploy_pro/ldap_in_11.0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual/deploy_pro/ldap_in_11.0.md b/manual/deploy_pro/ldap_in_11.0.md index f5fda5788..2d0ff0ab0 100644 --- a/manual/deploy_pro/ldap_in_11.0.md +++ b/manual/deploy_pro/ldap_in_11.0.md 
@@ -430,7 +430,7 @@ If you sync users from LDAP to Seafile, when the user login via SSO (ADFS or OAu SSO_LDAP_USE_SAME_UID = True ``` -Note, here the UID means the unique user ID, in LDAP it is the attribute you use for `LDAP_LOGIN_ATTR`, in ADFS it is `uid` attribute. You need make sure you use the same attribute for the two settings. +Note, here the UID means the unique user ID, in LDAP it is the attribute you use for `LDAP_LOGIN_ATTR` (not `LDAP_UID_ATTR`), in ADFS it is `uid` attribute. You need make sure you use the same attribute for the two settings. ## Importing Roles from LDAP
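Review bot: In PATCH 1/5, the `upgrade_notes_for_11.0.x.md` hunk adds the new paragraph with no heading, directly after the `DEL_DEPARTMENT_IF_NOT_FOUND` code block and before `#### Migrate LDAP records`. The same text in `ldap_in_11.0.md` gets `### SSO and LDAP users use the same uid`. Without a heading or a separating sentence it reads as one more LDAP sync deletion option. Give it its own `####` heading. Neither hunk states the default value of `SSO_LDAP_USE_SAME_UID` or what Seafile does when it is left unset, and an upgrade note in particular should state both.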
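Review bot: In PATCH 2/5, the section moved into `manual/deploy_pro/ldap_in_11.0.md` keeps its wording unchanged, so the `+` lines never say whether the option is limited to the Pro edition. The paragraph that 1/5 added to `upgrade_notes_for_11.0.x.md` is not touched here either. If the setting only applies where LDAP user sync is available, as the subject line "SSO_LDAP_USE_SAME_UID in pro" suggests, state that in the paragraph in both files so that community edition admins do not set a flag that has no effect for them.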
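Review bot: In PATCH 3/5, the added "Note, here the UID means ..." line names the matching attribute only for LDAP (`LDAP_LOGIN_ATTR`) and ADFS (`uid`), while the rewritten paragraph above it covers "SSO (ADFS or OAuth)". Add the OAuth side, that is, which mapped attribute must carry the same value, or say explicitly that the note applies to ADFS only. Wording in the same `+` lines: "when the user login via SSO" should be "when a user logs in via SSO", and "You need make sure" should be "You need to make sure".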
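Review bot: In PATCH 4/5, the note added after the `SSO_LDAP_USE_SAME_UID = True` block asks only that "the same attribute" be used on both sides, and does not state the security precondition for linking accounts this way. Because a matching value is what makes Seafile "find the existing account for this user instead of creating a new one", the note should also say that the value must be unique per person and must not be editable by the user in either the LDAP directory or the identity provider. Otherwise an SSO login that presents someone else's value would be resolved to that person's existing account. One added sentence after "for the two settings" is enough.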
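Review bot: PATCH 5/5 exists only to copy "(not `LDAP_UID_ATTR`)" into `deploy_pro/ldap_in_11.0.md`, after 4/5 added it to the upgrade notes and 3/5 left it out. That shows the cost of keeping the same paragraph in two files. Squash this change into 3/5, and consider having `upgrade_notes_for_11.0.x.md` link to the `### SSO and LDAP users use the same uid` section instead of repeating the text, so the two copies cannot drift apart again. The clarification would also be easier to act on with a few words on why `LDAP_UID_ATTR` is the wrong attribute to compare.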