SSO_LDAP_USE_SAME_UID (#6903)

seahub/adfs_auth/backends.py

@@ -36,6 +36,8 @@
 SAML_PROVIDER_IDENTIFIER = getattr(settings, 'SAML_PROVIDER_IDENTIFIER', 'saml')
 SHIBBOLETH_AFFILIATION_ROLE_MAP = getattr(settings, 'SHIBBOLETH_AFFILIATION_ROLE_MAP', {})
 CACHE_KEY_GROUPS = "all_groups_cache"
+LDAP_PROVIDER = getattr(settings, 'LDAP_PROVIDER', 'ldap')
+SSO_LDAP_USE_SAME_UID = getattr(settings, 'SSO_LDAP_USE_SAME_UID', False)
 
 
 class Saml2Backend(ModelBackend):
@@ -58,6 +60,8 @@ def authenticate(self, session_info=None, attribute_mapping=None, create_unknown
         name_id = name_id.text
 
         saml_user = SocialAuthUser.objects.get_by_provider_and_uid(SAML_PROVIDER_IDENTIFIER, name_id)
+        if not saml_user and SSO_LDAP_USE_SAME_UID:
+            saml_user = SocialAuthUser.objects.get_by_provider_and_uid(LDAP_PROVIDER, name_id)
         if saml_user:
             user = self.get_user(saml_user.username)
             if not user:

seahub/oauth/views.py

@@ -20,6 +20,9 @@
 
 logger = logging.getLogger(__name__)
 
+LDAP_PROVIDER = getattr(settings, 'LDAP_PROVIDER', 'ldap')
+SSO_LDAP_USE_SAME_UID = getattr(settings, 'SSO_LDAP_USE_SAME_UID', False)
+
 try:
     current_path = os.path.dirname(os.path.abspath(__file__))
     seafile_conf_dir = os.path.join(current_path, '../../../../conf')
@@ -176,6 +179,8 @@ def oauth_callback(request):
     old_email = oauth_user_info.get('email', '')
 
     oauth_user = SocialAuthUser.objects.get_by_provider_and_uid(OAUTH_PROVIDER, uid)
+    if not oauth_user and SSO_LDAP_USE_SAME_UID:
+        oauth_user = SocialAuthUser.objects.get_by_provider_and_uid(LDAP_PROVIDER, uid)
     if oauth_user:
         email = oauth_user.username
         is_new_user = False

seahub/settings.py

@@ -334,6 +334,8 @@
 LDAP_USER_ROLE_ATTR = ''
 ACTIVATE_USER_WHEN_IMPORT = True
 
+SSO_LDAP_USE_SAME_UID = False
+
 # enable ldap sasl auth
 ENABLE_SASL = False
 SASL_MECHANISM = ''