Hello,
I have been using Seafile for many years.
I recently migrated from Seafile 8 to Seafile 12.
Currently, my users are imported from my LDAP and authenticate via that same LDAP.
I have configured an OAuth authentication method, which works. However, my users still have the choice of authenticating via LDAP or OAuth.
Is it possible to only allow OAuth authentication on Seafile and completely disable all other methods?
Thank you,
K.
If your case, why not adding ENABLE_LDAP = False to seahub_settings.py?
Hello,
Indeed, when LDAP is disabled, authentication must go through OAuth. However, the login page still displays a username/password form. If the user enters their credentials (as usual), the error shown is “invalid credentials,” whereas the real reason is that the user does not have an account on the platform (password is '“!” in database).
That said, this is acceptable.
Since LDAP is no longer enabled, I therefore need to force the creation of a user account upon OAuth login.
The issue, however, is that LDAP authentication also synchronizes the role. Is it possible to pass this value via OAuth so that the user is added to the correct role on their first login?
Also, how should I configure the end_session_endpoint in Seafile? I don’t see any OAuth-related variable for it, and logout still seems to be handled entirely by Seafile rather than via OAuth.
I’m also surprised that Seafile does not simply ask for the provider’s issuer and then retrieve all the endpoints from /.well-known/openid-configuration, as specified in the OpenID documentation.
Thanks
K.