Change in LDAP email locks out certain users

Hello Seafile gurus, I’m running Seafile Pro 6.3.13 in a Docker container. Users authenticate against an LDAP server to log in using either their uid or their email address.

Recently, our email addresses changed, so I updated mine in the LDAP server (there’s no change in uid). The old Seafile email and uid were immediately inactivated and the new one was activated. I couldn’t log in using the uid but only with the new email.

The new email user was assigned to the correct groups but the private libraries were not migrated. Basically the new email is a brand new account. A workaround is for the sysadmin to assign the old folders to the new user. Is this normal behaviour? It’s cumbersome to migrate the private libraries one by one.

When I switched back to the old email, I could again log in with the email or uid.

Thanks in adv!

Bump. Does the above issue look familiar to anyone?

Hi eugene,

Just look at the database seafile-db, table RepoOwner. The repo_id is bound to the owner_id, which is the (old) email address.
We are using the edupersonPrincipalname for our LDAP users. This is always uid@domain, and doesn’t change if a user gets a new email address.

Dirk

Hi eugene,
Your observations are correct. Due to design decisions in the past, the “primary identifier” of an account is the email address. As soon as you change the email, the LDAP sync deactivates the old email address and creates a new account with the new email.

Of course you could easily write a script to transfer the libraries from the old account to the new one, but still you would lose all “sharing-links” of the old account.

Therefore, if you know that your emails will change recently, then you should rethink your LDAP structure. Use as primary identifier something that does not change, like a “user-number@your domain” or something. Then use the possibilities of contact-address or nickname to allow the user to log in with anything you want.

Best regards
Christoph
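
The ownership transfer described in the two replies above, as an added example that is not part of the original thread and not Seafile's own code. It runs against a constructed in-memory SQLite stand-in holding only the RepoOwner columns named in the thread (repo_id, owner_id); the addresses, function names and the dry-run flag are assumptions, and other tables that reference the email (such as the sharing links mentioned above) are not covered.

```python
import sqlite3

def build_sample_db():
    """Constructed stand-in for seafile-db: only the RepoOwner columns named in the thread."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE RepoOwner (repo_id TEXT PRIMARY KEY, owner_id TEXT NOT NULL)")
    db.executemany("INSERT INTO RepoOwner VALUES (?, ?)", [
        ("repo-0001", "eugene@old.example"),   # constructed sample rows
        ("repo-0002", "eugene@old.example"),
        ("repo-0003", "dirk@old.example"),
        ("repo-0004", "dirk@new.example"),     # library created under the new account
    ])
    db.commit()
    return db

def owned(db, email):
    """Return the repo_ids currently bound to this owner_id."""
    rows = db.execute(
        "SELECT repo_id FROM RepoOwner WHERE owner_id = ? ORDER BY repo_id", (email,))
    return [r[0] for r in rows]

def transfer_libraries(db, mapping, dry_run=True):
    """Re-point owner_id from old to new email for every (old, new) pair.

    Returns {old_email: [repo_id, ...]} for the rows that were (or would be) moved.
    All pairs run in one transaction; any problem rolls every change back.
    """
    olds, news = set(mapping), set(mapping.values())
    if olds & news:
        raise ValueError("address used as both old and new: %s" % sorted(olds & news))
    if len(news) != len(mapping):
        raise ValueError("two old accounts map to the same new address")
    report = {}
    try:
        for old, new in mapping.items():
            repos = owned(db, old)
            if not repos:
                raise LookupError("no libraries owned by %s" % old)
            db.execute("UPDATE RepoOwner SET owner_id = ? WHERE owner_id = ?", (new, old))
            report[old] = repos
    except Exception:
        db.rollback()          # leave the table exactly as it was
        raise
    if dry_run:
        db.rollback()          # report only, nothing persisted
    else:
        db.commit()
    return report
```
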