From 14becebef21d13b246dea4b6cbafa2ac7c028950 Mon Sep 17 00:00:00 2001
From: Daniel Pan <freeplant@gmail.com>
Date: Thu, 17 Oct 2024 10:59:58 +0800
Subject: [PATCH] Update upgrade_notes_for_11.0.x.md

---
 manual/upgrade/upgrade_notes_for_11.0.x.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/manual/upgrade/upgrade_notes_for_11.0.x.md b/manual/upgrade/upgrade_notes_for_11.0.x.md
index fd206010..e3937490 100644
--- a/manual/upgrade/upgrade_notes_for_11.0.x.md
+++ b/manual/upgrade/upgrade_notes_for_11.0.x.md
@@ -179,12 +179,14 @@ DEL_GROUP_IF_NOT_FOUND = False           # Set to "true", sync process will dele
 DEL_DEPARTMENT_IF_NOT_FOUND = False      # Set to "true", sync process will deleted the department if not found it in LDAP server.
 ```
 
-If you use both ldap and SSO (enable LDAP user sync with ADFS/OAuth), and the uids of ldap and sso users are the same, you can configure `SSO_LDAP_USE_SAME_UID = True` to make different authentication methods point to the same Seafile user.
+If you sync users from LDAP to Seafile, when the user login via SSO (ADFS or OAuth), you want Seafile to find the existing account for this user instead of creating a new one, you can set `SSO_LDAP_USE_SAME_UID = True`:
 
 ```python
 SSO_LDAP_USE_SAME_UID = True
 ```
 
+Note, here the UID means the unique user ID, in LDAP it is the attribute you use for `LDAP_LOGIN_ATTR` (not `LDAP_UID_ATTR`), in ADFS it is `uid` attribute. You need make sure you use the same attribute for the two settings.
+
 #### Migrate LDAP records
 
 Run the following script to migrate users in `LDAPImported` to `EmailUsers`