diff --git a/app/models/user.rb b/app/models/user.rb
index 5dc1b7177..bb73a34b5 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -317,12 +317,12 @@ class User < ApplicationRecord
 
     # existing user, we'll update them
     if (user = unscoped.find_by_login(attrs[:login]))
-      unless user.auth_source.is_a? AuthSourceExternal
+      unless user.auth_source.is_a? AuthSourceExternal or user.auth_source.is_a? AuthSourceLdap
         logger.info "Failed to log in external user: Username '#{attrs[:login]}' already exists in a different authentication source"
         return nil
       end
       # we know this auth source and it's user's auth source, we'll update user attributes
-      if auth_source && (user.auth_source_id == auth_source.id)
+      if auth_source && (user.auth_source.is_a? AuthSourceExternal) && (user.auth_source_id == auth_source.id)
         auth_source_external_groups = auth_source.external_usergroups.pluck(:usergroup_id)
         new_usergroups = user.usergroups.includes(:external_usergroups).where.not('usergroups.id' => auth_source_external_groups)