Seafile 10 with LDAP authentication ⇒ upgrade to seafile 11 or switch to OAUTH (SSO) first?

Seafile Server
1

Hi guys,

we have a seafile 10 (pro) installation that imports its users from our LDAP. we want to switch to SSO OAUTH (OIDC) and we also need to upgrade to seafile 11 (and 12) sooner or later. would you suggest to

  • first upgrade to seafile 11 (keeping LDAP)
  • then switch to SSO

or

  • keep seafile 10 and switch to SSO first
  • then upgrade to seafile 11

many thanks for your input.

best,

Hp

2

Based on the changes introduced in Seafile 11.0, the recommended approach is to upgrade to Seafile 11 first while keeping your LDAP configuration, and then switch to SSO (OAuth/OIDC).

Here is why this sequence is preferred:

  1. New User Identity System: Seafile 11.0 introduces a new internal user identity system (virtual IDs). Upgrading to version 11 first ensures that your existing LDAP users are correctly transitioned into this new system via the required migrate_ldapusers.py script.
  2. Linking LDAP and SSO: Version 11.0 includes a specific configuration option SSO_LDAP_USE_SAME_UID = True. This feature is designed specifically for your scenario—it allows Seafile to match an SSO login to an existing LDAP account, preventing the creation of duplicate users when you make the switch.
  3. LDAP Re-implementation: Since LDAP integration was moved from the C-based ccnet to the Python-based seahub in version 11, you will need to move your configuration to seahub_settings.py during the upgrade anyway.

Recommended Steps:

  1. Upgrade to Seafile 11: Follow the standard upgrade path.
  2. Migrate LDAP: Move your LDAP settings from ccnet.conf to seahub_settings.py and run the migrate_ldapusers.py script as described in the Upgrade Notes for 11.0.x.
  3. Configure OAuth: Once you are stable on version 11, configure your OAuth provider.
  4. Enable Identity Linking: Add SSO_LDAP_USE_SAME_UID = True to your seahub_settings.py to ensure users logging in via SSO are mapped to their existing LDAP-imported profiles.

For more details on how version 11 handles these migrations, you can refer to:

3

Hi Daniel, many thanks, this is the perfect answer :slight_smile:

Best,

Hp