I’m using Seafile with LDAP users, and I’ve also enabled OAuth. This allows users to either log in on the Seafile login form, or through our internal SSO portal.
There’s one issue with this though: if a user only logs in using OAuth, it’ll not be imported in Seafile (so cannot be granted permissions or anything). The user is visible in the “LDAP” tab in the user account, but not in “LDAP (imported)”.
Users need to auth once on Seafile (either using Seafile login form, or connecting with a Sync client without choosing SSO login) for it to be imported by Seafile.
So, Seafile should check if the user exists in LDAP, and import it if it is, when logging in through OAuth (but I guess it’s the same with SAML2).
Once the user logs in with OAuth, it’ll be added to EmailUser table. He/She should be able to use Seafile without problem. Why do you need to see the user in LDAP (imported) if it works already?
If the user exists in LDAP, but logs in through OAuth, he can use Seafile, but it’s not manageable (can’t share with him, can’t add him to groups, etc.). It’s not added in the EmailUser table. Once he logs in at least once using the Seafile form (or a sync client, but without using SSO auth), it’s added in LDAPUsers and then can be managed properly.
Hello, I confirm this bug. We asked all new users to log in at least once on the web form. After this first step the user can use the SSO because it is correctly seen by Seafile or internal share groups.
We will look into this problem these days.