20 files changed, 932 insertions, 230 deletions

diff --git a/api/user.go b/api/user.go
index aadf735d0..04bd673a8 100644
--- a/api/user.go
+++ b/api/user.go
@@ -51,8 +51,6 @@ func InitUser(r *mux.Router) {
 	sr.Handle("/login_ldap", ApiAppHandler(loginLdap)).Methods("POST")
 	sr.Handle("/revoke_session", ApiUserRequired(revokeSession)).Methods("POST")
 	sr.Handle("/attach_device", ApiUserRequired(attachDeviceId)).Methods("POST")
-	sr.Handle("/switch_to_sso", ApiAppHandler(switchToSSO)).Methods("POST")
-	sr.Handle("/switch_to_email", ApiUserRequired(switchToEmail)).Methods("POST")
 	sr.Handle("/verify_email", ApiAppHandler(verifyEmail)).Methods("POST")
 	sr.Handle("/resend_verification", ApiAppHandler(resendVerification)).Methods("POST")
 
@@ -67,6 +65,11 @@ func InitUser(r *mux.Router) {
 	sr.Handle("/{id:[A-Za-z0-9]+}/sessions", ApiUserRequired(getSessions)).Methods("GET")
 	sr.Handle("/{id:[A-Za-z0-9]+}/audits", ApiUserRequired(getAudits)).Methods("GET")
 	sr.Handle("/{id:[A-Za-z0-9]+}/image", ApiUserRequired(getProfileImage)).Methods("GET")
+
+	sr.Handle("/claim/email_to_oauth", ApiAppHandler(emailToOAuth)).Methods("POST")
+	sr.Handle("/claim/oauth_to_email", ApiUserRequired(oauthToEmail)).Methods("POST")
+	sr.Handle("/claim/email_to_ldap", ApiAppHandler(emailToLdap)).Methods("POST")
+	sr.Handle("/claim/ldap_to_email", ApiAppHandler(ldapToEmail)).Methods("POST")
 }
 
 func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -2047,30 +2050,30 @@ func IsUsernameTaken(name string, teamId string) bool {
 	return false
 }
 
-func switchToSSO(c *Context, w http.ResponseWriter, r *http.Request) {
+func emailToOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
 	props := model.MapFromJson(r.Body)
 
 	password := props["password"]
 	if len(password) == 0 {
-		c.SetInvalidParam("switchToSSO", "password")
+		c.SetInvalidParam("emailToOAuth", "password")
 		return
 	}
 
 	teamName := props["team_name"]
 	if len(teamName) == 0 {
-		c.SetInvalidParam("switchToSSO", "team_name")
+		c.SetInvalidParam("emailToOAuth", "team_name")
 		return
 	}
 
 	service := props["service"]
 	if len(service) == 0 {
-		c.SetInvalidParam("switchToSSO", "service")
+		c.SetInvalidParam("emailToOAuth", "service")
 		return
 	}
 
 	email := props["email"]
 	if len(email) == 0 {
-		c.SetInvalidParam("switchToSSO", "email")
+		c.SetInvalidParam("emailToOAuth", "email")
 		return
 	}
 
@@ -2162,24 +2165,24 @@ func CompleteSwitchWithOAuth(c *Context, w http.ResponseWriter, r *http.Request,
 	sendSignInChangeEmailAndForget(c, user.Email, team.DisplayName, c.GetSiteURL()+"/"+team.Name, c.GetSiteURL(), strings.Title(service)+" SSO")
 }
 
-func switchToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
+func oauthToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
 	props := model.MapFromJson(r.Body)
 
 	password := props["password"]
 	if len(password) == 0 {
-		c.SetInvalidParam("switchToEmail", "password")
+		c.SetInvalidParam("oauthToEmail", "password")
 		return
 	}
 
 	teamName := props["team_name"]
 	if len(teamName) == 0 {
-		c.SetInvalidParam("switchToEmail", "team_name")
+		c.SetInvalidParam("oauthToEmail", "team_name")
 		return
 	}
 
 	email := props["email"]
 	if len(email) == 0 {
-		c.SetInvalidParam("switchToEmail", "email")
+		c.SetInvalidParam("oauthToEmail", "email")
 		return
 	}
 
@@ -2205,7 +2208,7 @@ func switchToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	if user.Id != c.Session.UserId {
 		c.LogAudit("fail - user ids didn't match")
-		c.Err = model.NewLocAppError("switchToEmail", "api.user.switch_to_email.context.app_error", nil, "")
+		c.Err = model.NewLocAppError("oauthToEmail", "api.user.oauth_to_email.context.app_error", nil, "")
 		c.Err.StatusCode = http.StatusForbidden
 		return
 	}
@@ -2230,6 +2233,176 @@ func switchToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
 	w.Write([]byte(model.MapToJson(m)))
 }
 
+func emailToLdap(c *Context, w http.ResponseWriter, r *http.Request) {
+	props := model.MapFromJson(r.Body)
+
+	email := props["email"]
+	if len(email) == 0 {
+		c.SetInvalidParam("emailToLdap", "email")
+		return
+	}
+
+	emailPassword := props["email_password"]
+	if len(emailPassword) == 0 {
+		c.SetInvalidParam("emailToLdap", "email_password")
+		return
+	}
+
+	teamName := props["team_name"]
+	if len(teamName) == 0 {
+		c.SetInvalidParam("emailToLdap", "team_name")
+		return
+	}
+
+	ldapId := props["ldap_id"]
+	if len(ldapId) == 0 {
+		c.SetInvalidParam("emailToLdap", "ldap_id")
+		return
+	}
+
+	ldapPassword := props["ldap_password"]
+	if len(ldapPassword) == 0 {
+		c.SetInvalidParam("emailToLdap", "ldap_password")
+		return
+	}
+
+	c.LogAudit("attempt")
+
+	var team *model.Team
+	if result := <-Srv.Store.Team().GetByName(teamName); result.Err != nil {
+		c.LogAudit("fail - couldn't get team")
+		c.Err = result.Err
+		return
+	} else {
+		team = result.Data.(*model.Team)
+	}
+
+	var user *model.User
+	if result := <-Srv.Store.User().GetByEmail(team.Id, email); result.Err != nil {
+		c.LogAudit("fail - couldn't get user")
+		c.Err = result.Err
+		return
+	} else {
+		user = result.Data.(*model.User)
+	}
+
+	if !checkUserLoginAttempts(c, user) || !checkUserPassword(c, user, emailPassword) {
+		c.LogAuditWithUserId(user.Id, "fail - invalid email password")
+		return
+	}
+
+	RevokeAllSession(c, user.Id)
+	if c.Err != nil {
+		return
+	}
+
+	ldapInterface := einterfaces.GetLdapInterface()
+	if ldapInterface == nil {
+		c.Err = model.NewLocAppError("emailToLdap", "api.user.email_to_ldap.not_available.app_error", nil, "")
+		c.Err.StatusCode = http.StatusNotImplemented
+		return
+	}
+
+	if err := ldapInterface.DoSwitch(user.Id, ldapId, ldapPassword); err != nil {
+		c.LogAuditWithUserId(user.Id, "fail - ldap switch failed")
+		c.Err = err
+		return
+	}
+
+	sendSignInChangeEmailAndForget(c, user.Email, team.DisplayName, c.GetSiteURL()+"/"+team.Name, c.GetSiteURL(), "LDAP")
+
+	m := map[string]string{}
+	m["follow_link"] = c.GetTeamURL() + "/login?extra=signin_change"
+
+	c.LogAudit("success")
+	w.Write([]byte(model.MapToJson(m)))
+}
+
+func ldapToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
+	props := model.MapFromJson(r.Body)
+
+	email := props["email"]
+	if len(email) == 0 {
+		c.SetInvalidParam("ldapToEmail", "email")
+		return
+	}
+
+	emailPassword := props["email_password"]
+	if len(emailPassword) == 0 {
+		c.SetInvalidParam("ldapToEmail", "email_password")
+		return
+	}
+
+	teamName := props["team_name"]
+	if len(teamName) == 0 {
+		c.SetInvalidParam("ldapToEmail", "team_name")
+		return
+	}
+
+	ldapPassword := props["ldap_password"]
+	if len(ldapPassword) == 0 {
+		c.SetInvalidParam("ldapToEmail", "ldap_password")
+		return
+	}
+
+	c.LogAudit("attempt")
+
+	var team *model.Team
+	if result := <-Srv.Store.Team().GetByName(teamName); result.Err != nil {
+		c.LogAudit("fail - couldn't get team")
+		c.Err = result.Err
+		return
+	} else {
+		team = result.Data.(*model.Team)
+	}
+
+	var user *model.User
+	if result := <-Srv.Store.User().GetByEmail(team.Id, email); result.Err != nil {
+		c.LogAudit("fail - couldn't get user")
+		c.Err = result.Err
+		return
+	} else {
+		user = result.Data.(*model.User)
+	}
+
+	if user.AuthService != model.USER_AUTH_SERVICE_LDAP {
+		c.Err = model.NewLocAppError("ldapToEmail", "api.user.ldap_to_email.not_ldap_account.app_error", nil, "")
+		return
+	}
+
+	ldapInterface := einterfaces.GetLdapInterface()
+	if ldapInterface == nil {
+		c.Err = model.NewLocAppError("ldapToEmail", "api.user.ldap_to_email.not_available.app_error", nil, "")
+		c.Err.StatusCode = http.StatusNotImplemented
+		return
+	}
+
+	if err := ldapInterface.CheckPassword(user.AuthData, ldapPassword); err != nil {
+		c.LogAuditWithUserId(user.Id, "fail - ldap authentication failed")
+		c.Err = err
+		return
+	}
+
+	if result := <-Srv.Store.User().UpdatePassword(user.Id, model.HashPassword(emailPassword)); result.Err != nil {
+		c.LogAudit("fail - database issue")
+		c.Err = result.Err
+		return
+	}
+
+	RevokeAllSession(c, user.Id)
+	if c.Err != nil {
+		return
+	}
+
+	sendSignInChangeEmailAndForget(c, user.Email, team.DisplayName, c.GetSiteURL()+"/"+team.Name, c.GetSiteURL(), c.T("api.templates.signin_change_email.body.method_email"))
+
+	m := map[string]string{}
+	m["follow_link"] = c.GetTeamURL() + "/login?extra=signin_change"
+
+	c.LogAudit("success")
+	w.Write([]byte(model.MapToJson(m)))
+}
+
 func sendSignInChangeEmailAndForget(c *Context, email, teamDisplayName, teamURL, siteURL, method string) {
 	go func() {
 
diff --git a/api/user_test.go b/api/user_test.go
index a175adb1b..86cda0390 100644
--- a/api/user_test.go
+++ b/api/user_test.go
@@ -1161,7 +1161,7 @@ func TestStatuses(t *testing.T) {
 
 }
 
-func TestSwitchToSSO(t *testing.T) {
+func TestEmailToOAuth(t *testing.T) {
 	Setup()
 
 	team := model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
@@ -1172,45 +1172,45 @@ func TestSwitchToSSO(t *testing.T) {
 	store.Must(Srv.Store.User().VerifyEmail(ruser.Id))
 
 	m := map[string]string{}
-	if _, err := Client.SwitchToSSO(m); err == nil {
+	if _, err := Client.EmailToOAuth(m); err == nil {
 		t.Fatal("should have failed - empty data")
 	}
 
 	m["password"] = "pwd"
-	_, err := Client.SwitchToSSO(m)
+	_, err := Client.EmailToOAuth(m)
 	if err == nil {
 		t.Fatal("should have failed - missing team_name, service, email")
 	}
 
 	m["team_name"] = team.Name
-	if _, err := Client.SwitchToSSO(m); err == nil {
+	if _, err := Client.EmailToOAuth(m); err == nil {
 		t.Fatal("should have failed - missing service, email")
 	}
 
 	m["service"] = "someservice"
-	if _, err := Client.SwitchToSSO(m); err == nil {
+	if _, err := Client.EmailToOAuth(m); err == nil {
 		t.Fatal("should have failed - missing email")
 	}
 
 	m["team_name"] = "junk"
-	if _, err := Client.SwitchToSSO(m); err == nil {
+	if _, err := Client.EmailToOAuth(m); err == nil {
 		t.Fatal("should have failed - bad team name")
 	}
 
 	m["team_name"] = team.Name
 	m["email"] = "junk"
-	if _, err := Client.SwitchToSSO(m); err == nil {
+	if _, err := Client.EmailToOAuth(m); err == nil {
 		t.Fatal("should have failed - bad email")
 	}
 
 	m["email"] = ruser.Email
 	m["password"] = "junk"
-	if _, err := Client.SwitchToSSO(m); err == nil {
+	if _, err := Client.EmailToOAuth(m); err == nil {
 		t.Fatal("should have failed - bad password")
 	}
 }
 
-func TestSwitchToEmail(t *testing.T) {
+func TestOAuthToEmail(t *testing.T) {
 	Setup()
 
 	team := model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
@@ -1225,45 +1225,158 @@ func TestSwitchToEmail(t *testing.T) {
 	store.Must(Srv.Store.User().VerifyEmail(ruser2.Id))
 
 	m := map[string]string{}
-	if _, err := Client.SwitchToSSO(m); err == nil {
+	if _, err := Client.OAuthToEmail(m); err == nil {
 		t.Fatal("should have failed - not logged in")
 	}
 
 	Client.LoginByEmail(team.Name, user.Email, user.Password)
 
-	if _, err := Client.SwitchToSSO(m); err == nil {
+	if _, err := Client.OAuthToEmail(m); err == nil {
 		t.Fatal("should have failed - empty data")
 	}
 
 	m["password"] = "pwd"
-	_, err := Client.SwitchToSSO(m)
+	_, err := Client.OAuthToEmail(m)
 	if err == nil {
 		t.Fatal("should have failed - missing team_name, service, email")
 	}
 
 	m["team_name"] = team.Name
-	if _, err := Client.SwitchToSSO(m); err == nil {
+	if _, err := Client.OAuthToEmail(m); err == nil {
 		t.Fatal("should have failed - missing email")
 	}
 
 	m["email"] = ruser.Email
 	m["team_name"] = "junk"
-	if _, err := Client.SwitchToSSO(m); err == nil {
+	if _, err := Client.OAuthToEmail(m); err == nil {
 		t.Fatal("should have failed - bad team name")
 	}
 
 	m["team_name"] = team.Name
 	m["email"] = "junk"
-	if _, err := Client.SwitchToSSO(m); err == nil {
+	if _, err := Client.OAuthToEmail(m); err == nil {
 		t.Fatal("should have failed - bad email")
 	}
 
 	m["email"] = ruser2.Email
-	if _, err := Client.SwitchToSSO(m); err == nil {
+	if _, err := Client.OAuthToEmail(m); err == nil {
 		t.Fatal("should have failed - wrong user")
 	}
 }
 
+func TestLDAPToEmail(t *testing.T) {
+	Setup()
+
+	team := model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
+	rteam, _ := Client.CreateTeam(&team)
+
+	user := model.User{TeamId: rteam.Data.(*model.Team).Id, Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "pwd"}
+	ruser := Client.Must(Client.CreateUser(&user, "")).Data.(*model.User)
+	store.Must(Srv.Store.User().VerifyEmail(ruser.Id))
+
+	Client.LoginByEmail(team.Name, user.Email, user.Password)
+
+	m := map[string]string{}
+	if _, err := Client.LDAPToEmail(m); err == nil {
+		t.Fatal("should have failed - empty data")
+	}
+
+	m["email_password"] = "pwd"
+	_, err := Client.LDAPToEmail(m)
+	if err == nil {
+		t.Fatal("should have failed - missing team_name, ldap_password, email")
+	}
+
+	m["team_name"] = team.Name
+	if _, err := Client.LDAPToEmail(m); err == nil {
+		t.Fatal("should have failed - missing email, ldap_password")
+	}
+
+	m["ldap_password"] = "pwd"
+	if _, err := Client.LDAPToEmail(m); err == nil {
+		t.Fatal("should have failed - missing email")
+	}
+
+	m["email"] = ruser.Email
+	m["team_name"] = "junk"
+	if _, err := Client.LDAPToEmail(m); err == nil {
+		t.Fatal("should have failed - bad team name")
+	}
+
+	m["team_name"] = team.Name
+	m["email"] = "junk"
+	if _, err := Client.LDAPToEmail(m); err == nil {
+		t.Fatal("should have failed - bad email")
+	}
+
+	m["email"] = user.Email
+	if _, err := Client.LDAPToEmail(m); err == nil {
+		t.Fatal("should have failed - user is not an LDAP user")
+	}
+}
+
+func TestEmailToLDAP(t *testing.T) {
+	Setup()
+
+	team := model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
+	rteam, _ := Client.CreateTeam(&team)
+
+	user := model.User{TeamId: rteam.Data.(*model.Team).Id, Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "pwd"}
+	ruser := Client.Must(Client.CreateUser(&user, "")).Data.(*model.User)
+	store.Must(Srv.Store.User().VerifyEmail(ruser.Id))
+
+	Client.LoginByEmail(team.Name, user.Email, user.Password)
+
+	m := map[string]string{}
+	if _, err := Client.EmailToLDAP(m); err == nil {
+		t.Fatal("should have failed - empty data")
+	}
+
+	m["email_password"] = "pwd"
+	_, err := Client.EmailToLDAP(m)
+	if err == nil {
+		t.Fatal("should have failed - missing team_name, ldap_id, ldap_password, email")
+	}
+
+	m["team_name"] = team.Name
+	if _, err := Client.EmailToLDAP(m); err == nil {
+		t.Fatal("should have failed - missing email, ldap_password, ldap_id")
+	}
+
+	m["ldap_id"] = "someid"
+	if _, err := Client.EmailToLDAP(m); err == nil {
+		t.Fatal("should have failed - missing email, ldap_password")
+	}
+
+	m["ldap_password"] = "pwd"
+	if _, err := Client.EmailToLDAP(m); err == nil {
+		t.Fatal("should have failed - missing email")
+	}
+
+	m["email"] = ruser.Email
+	m["team_name"] = "junk"
+	if _, err := Client.EmailToLDAP(m); err == nil {
+		t.Fatal("should have failed - bad team name")
+	}
+
+	m["team_name"] = team.Name
+	m["email"] = "junk"
+	if _, err := Client.EmailToLDAP(m); err == nil {
+		t.Fatal("should have failed - bad email")
+	}
+
+	m["email"] = user.Email
+	m["email_password"] = "junk"
+	if _, err := Client.EmailToLDAP(m); err == nil {
+		t.Fatal("should have failed - bad password")
+	}
+
+	m["email_password"] = "pwd"
+	if _, err := Client.EmailToLDAP(m); err == nil {
+		t.Fatal("should have failed - missing ldap bits or user")
+	}
+}
+
 func TestMeLoggedIn(t *testing.T) {
 	Setup()
 
diff --git a/einterfaces/ldap.go b/einterfaces/ldap.go
index 1c5938322..583fa02c0 100644
--- a/einterfaces/ldap.go
+++ b/einterfaces/ldap.go
@@ -11,6 +11,7 @@ type LdapInterface interface {
 	DoLogin(team *model.Team, id string, password string) (*model.User, *model.AppError)
 	GetUser(id string) (*model.User, *model.AppError)
 	CheckPassword(id string, password string) *model.AppError
+	DoSwitch(userId, ldapId, ldapPassword string) *model.AppError
 }
 
 var theLdapInterface LdapInterface
diff --git a/i18n/en.json b/i18n/en.json
index 3180e8dbc..6811d86e3 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -1540,10 +1540,22 @@
     "translation": "Failed to send welcome email successfully err=%v"
   },
   {
-    "id": "api.user.switch_to_email.context.app_error",
+    "id": "api.user.oauth_to_email.context.app_error",
     "translation": "Update password failed because context user_id did not match provided user's id"
   },
   {
+    "id": "api.user.email_to_ldap.not_available.app_error",
+    "translation": "LDAP not available on this server"
+  },
+  {
+    "id": "api.user.ldap_to_email.not_ldap_account.app_error",
+    "translation": "This user account does use LDAP"
+  },
+  {
+    "id": "api.user.ldap_to_email.not_available.app_error",
+    "translation": "LDAP not available on this server"
+  },
+  {
     "id": "api.user.update_active.permissions.app_error",
     "translation": "You do not have the appropriate permissions"
   },
diff --git a/i18n/es.json b/i18n/es.json
index 97471ee98..2c062dd00 100644
--- a/i18n/es.json
+++ b/i18n/es.json
@@ -1540,7 +1540,7 @@
     "translation": "Falla al enviar el correo de bienvenida err=%v"
   },
   {
-    "id": "api.user.switch_to_email.context.app_error",
+    "id": "api.user.oauth_to_email.context.app_error",
     "translation": "La actualización de la contraseña falló porque el user_id del contexto no coincide con el id de usuario provisto"
   },
   {
diff --git a/i18n/pt.json b/i18n/pt.json
index 15bc42835..6bcf9e072 100644
--- a/i18n/pt.json
+++ b/i18n/pt.json
@@ -1540,7 +1540,7 @@
     "translation": "Falha ao enviar com sucesso boas vindas por email err=%v"
   },
   {
-    "id": "api.user.switch_to_email.context.app_error",
+    "id": "api.user.oauth_to_email.context.app_error",
     "translation": "Atualização de senha falhou devido ao contexto user_id não combinar com id de usuário fornecido"
   },
   {
diff --git a/model/client.go b/model/client.go
index f5c8ad641..ee26ae64e 100644
--- a/model/client.go
+++ b/model/client.go
@@ -332,8 +332,8 @@ func (c *Client) GetSessions(id string) (*Result, *AppError) {
 	}
 }
 
-func (c *Client) SwitchToSSO(m map[string]string) (*Result, *AppError) {
-	if r, err := c.DoApiPost("/users/switch_to_sso", MapToJson(m)); err != nil {
+func (c *Client) EmailToOAuth(m map[string]string) (*Result, *AppError) {
+	if r, err := c.DoApiPost("/users/claim/email_to_sso", MapToJson(m)); err != nil {
 		return nil, err
 	} else {
 		return &Result{r.Header.Get(HEADER_REQUEST_ID),
@@ -341,8 +341,26 @@ func (c *Client) SwitchToSSO(m map[string]string) (*Result, *AppError) {
 	}
 }
 
-func (c *Client) SwitchToEmail(m map[string]string) (*Result, *AppError) {
-	if r, err := c.DoApiPost("/users/switch_to_email", MapToJson(m)); err != nil {
+func (c *Client) OAuthToEmail(m map[string]string) (*Result, *AppError) {
+	if r, err := c.DoApiPost("/users/claim/oauth_to_email", MapToJson(m)); err != nil {
+		return nil, err
+	} else {
+		return &Result{r.Header.Get(HEADER_REQUEST_ID),
+			r.Header.Get(HEADER_ETAG_SERVER), MapFromJson(r.Body)}, nil
+	}
+}
+
+func (c *Client) LDAPToEmail(m map[string]string) (*Result, *AppError) {
+	if r, err := c.DoApiPost("/users/claim/ldap_to_email", MapToJson(m)); err != nil {
+		return nil, err
+	} else {
+		return &Result{r.Header.Get(HEADER_REQUEST_ID),
+			r.Header.Get(HEADER_ETAG_SERVER), MapFromJson(r.Body)}, nil
+	}
+}
+
+func (c *Client) EmailToLDAP(m map[string]string) (*Result, *AppError) {
+	if r, err := c.DoApiPost("/users/claim/ldap_to_email", MapToJson(m)); err != nil {
 		return nil, err
 	} else {
 		return &Result{r.Header.Get(HEADER_REQUEST_ID),
diff --git a/model/ldap.go b/model/ldap.go
new file mode 100644
index 000000000..5fde06a6e
--- /dev/null
+++ b/model/ldap.go
@@ -0,0 +1,8 @@
+// Copyright (c) 2016 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package model
+
+const (
+	USER_AUTH_SERVICE_LDAP = "ldap"
+)
diff --git a/webapp/components/claim/claim_account.jsx b/webapp/components/claim/claim.jsx
index b6495e283..0254897f9 100644
--- a/webapp/components/claim/claim_account.jsx
+++ b/webapp/components/claim/claim.jsx
@@ -1,16 +1,14 @@
 // Copyright (c) 2015 Mattermost, Inc. All Rights Reserved.
 // See License.txt for license information.
 
-import EmailToSSO from './email_to_sso.jsx';
-import SSOToEmail from './sso_to_email.jsx';
-import TeamStore from 'stores/team_store.jsx';
+import TeamStore from '../../stores/team_store.jsx';
 
+import React from 'react';
 import {FormattedMessage} from 'react-intl';
 
-import React from 'react';
 import logoImage from 'images/logo.png';
 
-export default class ClaimAccount extends React.Component {
+export default class Claim extends React.Component {
     constructor(props) {
         super(props);
 
@@ -39,7 +37,7 @@ export default class ClaimAccount extends React.Component {
         const team = TeamStore.getByName(this.state.teamName);
         let displayName = '';
         if (team) {
-            displayName = team.displayName;
+            displayName = team.display_name;
         }
         this.setState({
             teamDisplayName: displayName
@@ -49,39 +47,6 @@ export default class ClaimAccount extends React.Component {
         this.updateStateFromStores();
     }
     render() {
-        if (this.state.teamDisplayName === '') {
-            return (<div/>);
-        }
-        let content;
-        if (this.state.email === '') {
-            content = (
-                <p>
-                    <FormattedMessage
-                        id='claim.account.noEmail'
-                        defaultMessage='No email specified'
-                    />
-                </p>
-            );
-        } else if (this.state.oldType === '' && this.state.newType !== '') {
-            content = (
-                <EmailToSSO
-                    email={this.state.email}
-                    type={this.state.newType}
-                    teamName={this.state.teamName}
-                    teamDisplayName={this.state.teamDisplayName}
-                />
-            );
-        } else {
-            content = (
-                <SSOToEmail
-                    email={this.state.email}
-                    currentType={this.state.oldType}
-                    teamName={this.state.teamName}
-                    teamDisplayName={this.state.teamDisplayName}
-                />
-            );
-        }
-
         return (
             <div>
                 <div className='signup-header'>
@@ -99,7 +64,13 @@ export default class ClaimAccount extends React.Component {
                             src={logoImage}
                         />
                         <div id='claim'>
-                            {content}
+                            {React.cloneElement(this.props.children, {
+                                teamName: this.state.teamName,
+                                teamDisplayName: this.state.teamDisplayName,
+                                currentType: this.state.oldType,
+                                newType: this.state.newType,
+                                email: this.state.email
+                            })}
                         </div>
                     </div>
                 </div>
@@ -108,9 +79,10 @@ export default class ClaimAccount extends React.Component {
     }
 }
 
-ClaimAccount.defaultProps = {
+Claim.defaultProps = {
 };
-ClaimAccount.propTypes = {
+Claim.propTypes = {
     params: React.PropTypes.object.isRequired,
-    location: React.PropTypes.object.isRequired
+    location: React.PropTypes.object.isRequired,
+    children: React.PropTypes.node
 };
diff --git a/webapp/components/claim/components/email_to_ldap.jsx b/webapp/components/claim/components/email_to_ldap.jsx
new file mode 100644
index 000000000..bb2a3f0ed
--- /dev/null
+++ b/webapp/components/claim/components/email_to_ldap.jsx
@@ -0,0 +1,169 @@
+// Copyright (c) 2015 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+import * as Utils from '../../../utils/utils.jsx';
+import * as Client from '../../../utils/client.jsx';
+
+import React from 'react';
+import ReactDOM from 'react-dom';
+import {FormattedMessage} from 'react-intl';
+
+export default class EmailToLDAP extends React.Component {
+    constructor(props) {
+        super(props);
+
+        this.submit = this.submit.bind(this);
+
+        this.state = {};
+    }
+    submit(e) {
+        e.preventDefault();
+        var state = {};
+
+        const password = ReactDOM.findDOMNode(this.refs.password).value.trim();
+        if (!password) {
+            state.error = Utils.localizeMessage('claim.email_to_ldap.pwdError', 'Please enter your password.');
+            this.setState(state);
+            return;
+        }
+
+        const ldapId = ReactDOM.findDOMNode(this.refs.ldapid).value.trim();
+        if (!ldapId) {
+            state.error = Utils.localizeMessage('claim.email_to_ldap.ldapIdError', 'Please enter your LDAP ID.');
+            this.setState(state);
+            return;
+        }
+
+        const ldapPassword = ReactDOM.findDOMNode(this.refs.ldappassword).value.trim();
+        if (!ldapPassword) {
+            state.error = Utils.localizeMessage('claim.email_to_ldap.ldapPasswordError', 'Please enter your LDAP password.');
+            this.setState(state);
+            return;
+        }
+
+        state.error = null;
+        this.setState(state);
+
+        var postData = {};
+        postData.email_password = password;
+        postData.ldap_id = ldapId;
+        postData.ldap_password = ldapPassword;
+        postData.email = this.props.email;
+        postData.team_name = this.props.teamName;
+
+        Client.emailToLDAP(postData,
+            (data) => {
+                if (data.follow_link) {
+                    window.location.href = data.follow_link;
+                }
+            },
+            (error) => {
+                this.setState({error});
+            }
+        );
+    }
+    render() {
+        var error = null;
+        if (this.state.error) {
+            error = <div className='form-group has-error'><label className='control-label'>{this.state.error}</label></div>;
+        }
+
+        var formClass = 'form-group';
+        if (error) {
+            formClass += ' has-error';
+        }
+
+        return (
+            <div>
+                <h3>
+                    <FormattedMessage
+                        id='claim.email_to_ldap.title'
+                        defaultMessage='Switch Email/Password Account to LDAP'
+                    />
+                </h3>
+                <form onSubmit={this.submit}>
+                    <p>
+                        <FormattedMessage
+                            id='claim.email_to_ldap.ssoType'
+                            defaultMessage='Upon claiming your account, you will only be able to login with LDAP'
+                        />
+                    </p>
+                    <p>
+                        <FormattedMessage
+                            id='claim.email_to_ldap.ssoNote'
+                            defaultMessage='You must already have a valid LDAP account'
+                        />
+                    </p>
+                    <p>
+                        <FormattedMessage
+                            id='claim.email_to_ldap.enterPwd'
+                            defaultMessage='Enter the password for your {team} {site} email account'
+                            values={{
+                                team: this.props.teamDisplayName,
+                                site: global.window.mm_config.SiteName
+                            }}
+                        />
+                    </p>
+                    <div className={formClass}>
+                        <input
+                            type='password'
+                            className='form-control'
+                            name='password'
+                            ref='password'
+                            placeholder={Utils.localizeMessage('claim.email_to_ldap.pwd', 'Password')}
+                            spellCheck='false'
+                        />
+                    </div>
+                    <p>
+                        <FormattedMessage
+                            id='claim.email_to_ldap.enterLdapPwd'
+                            defaultMessage='Enter the ID and password for your LDAP account'
+                            values={{
+                                team: this.props.teamDisplayName,
+                                site: global.window.mm_config.SiteName
+                            }}
+                        />
+                    </p>
+                    <div className={formClass}>
+                        <input
+                            type='text'
+                            className='form-control'
+                            name='ldapId'
+                            ref='ldapid'
+                            placeholder={Utils.localizeMessage('claim.email_to_ldap.ldapId', 'LDAP ID')}
+                            spellCheck='false'
+                        />
+                    </div>
+                    <div className={formClass}>
+                        <input
+                            type='password'
+                            className='form-control'
+                            name='ldapPassword'
+                            ref='ldappassword'
+                            placeholder={Utils.localizeMessage('claim.email_to_ldap.ldapPwd', 'LDAP Password')}
+                            spellCheck='false'
+                        />
+                    </div>
+                    {error}
+                    <button
+                        type='submit'
+                        className='btn btn-primary'
+                    >
+                        <FormattedMessage
+                            id='claim.email_to_ldap.switchTo'
+                            defaultMessage='Switch account to LDAP'
+                        />
+                    </button>
+                </form>
+            </div>
+        );
+    }
+}
+
+EmailToLDAP.defaultProps = {
+};
+EmailToLDAP.propTypes = {
+    email: React.PropTypes.string,
+    teamName: React.PropTypes.string,
+    teamDisplayName: React.PropTypes.string
+};
diff --git a/webapp/components/claim/email_to_sso.jsx b/webapp/components/claim/components/email_to_oauth.jsx
index d09449247..51549423d 100644
--- a/webapp/components/claim/email_to_sso.jsx
+++ b/webapp/components/claim/components/email_to_oauth.jsx
@@ -1,26 +1,14 @@
 // Copyright (c) 2015 Mattermost, Inc. All Rights Reserved.
 // See License.txt for license information.
 
-import ReactDOM from 'react-dom';
-import * as Utils from 'utils/utils.jsx';
-import * as Client from 'utils/client.jsx';
-
-import {intlShape, injectIntl, defineMessages, FormattedMessage} from 'react-intl';
-
-const holders = defineMessages({
-    pwdError: {
-        id: 'claim.email_to_sso.pwdError',
-        defaultMessage: 'Please enter your password.'
-    },
-    pwd: {
-        id: 'claim.email_to_sso.pwd',
-        defaultMessage: 'Password'
-    }
-});
+import * as Utils from '../../../utils/utils.jsx';
+import * as Client from '../../../utils/client.jsx';
 
 import React from 'react';
+import ReactDOM from 'react-dom';
+import {FormattedMessage} from 'react-intl';
 
-class EmailToSSO extends React.Component {
+export default class EmailToOAuth extends React.Component {
     constructor(props) {
         super(props);
 
@@ -34,7 +22,7 @@ class EmailToSSO extends React.Component {
 
         var password = ReactDOM.findDOMNode(this.refs.password).value.trim();
         if (!password) {
-            state.error = this.props.intl.formatMessage(holders.pwdError);
+            state.error = Utils.localizeMessage('claim.email_to_oauth.pwdError', 'Please enter your password.');
             this.setState(state);
             return;
         }
@@ -46,9 +34,9 @@ class EmailToSSO extends React.Component {
         postData.password = password;
         postData.email = this.props.email;
         postData.team_name = this.props.teamName;
-        postData.service = this.props.type;
+        postData.service = this.props.newType;
 
-        Client.switchToSSO(postData,
+        Client.emailToOAuth(postData,
             (data) => {
                 if (data.follow_link) {
                     window.location.href = data.follow_link;
@@ -70,41 +58,41 @@ class EmailToSSO extends React.Component {
             formClass += ' has-error';
         }
 
-        const uiType = Utils.toTitleCase(this.props.type) + ' SSO';
+        const uiType = Utils.toTitleCase(this.props.newType) + ' SSO';
 
         return (
             <div>
                 <h3>
                     <FormattedMessage
-                        id='claim.email_to_sso.title'
+                        id='claim.email_to_oauth.title'
                         defaultMessage='Switch Email/Password Account to {uiType}'
                         values={{
-                            uiType: uiType
+                            uiType
                         }}
                     />
                 </h3>
                 <form onSubmit={this.submit}>
                     <p>
                         <FormattedMessage
-                            id='claim.email_to_sso.ssoType'
+                            id='claim.email_to_oauth.ssoType'
                             defaultMessage='Upon claiming your account, you will only be able to login with {type} SSO'
                             values={{
-                                type: Utils.toTitleCase(this.props.type)
+                                type: Utils.toTitleCase(this.props.newType)
                             }}
                         />
                     </p>
                     <p>
                         <FormattedMessage
-                            id='claim.email_to_sso.ssoNote'
+                            id='claim.email_to_oauth.ssoNote'
                             defaultMessage='You must already have a valid {type} account'
                             values={{
-                                type: Utils.toTitleCase(this.props.type)
+                                type: Utils.toTitleCase(this.props.newType)
                             }}
                         />
                     </p>
                     <p>
                         <FormattedMessage
-                            id='claim.email_to_sso.enterPwd'
+                            id='claim.email_to_oauth.enterPwd'
                             defaultMessage='Enter the password for your {team} {site} account'
                             values={{
                                 team: this.props.teamDisplayName,
@@ -118,7 +106,7 @@ class EmailToSSO extends React.Component {
                             className='form-control'
                             name='password'
                             ref='password'
-                            placeholder={this.props.intl.formatMessage(holders.pwd)}
+                            placeholder={Utils.localizeMessage('claim.email_to_oauth.pwd', 'Password')}
                             spellCheck='false'
                         />
                     </div>
@@ -128,10 +116,10 @@ class EmailToSSO extends React.Component {
                         className='btn btn-primary'
                     >
                         <FormattedMessage
-                            id='claim.email_to_sso.switchTo'
+                            id='claim.email_to_oauth.switchTo'
                             defaultMessage='Switch account to {uiType}'
                             values={{
-                                uiType: uiType
+                                uiType
                             }}
                         />
                     </button>
@@ -141,14 +129,11 @@ class EmailToSSO extends React.Component {
     }
 }
 
-EmailToSSO.defaultProps = {
+EmailToOAuth.defaultProps = {
 };
-EmailToSSO.propTypes = {
-    intl: intlShape.isRequired,
-    type: React.PropTypes.string.isRequired,
-    email: React.PropTypes.string.isRequired,
-    teamName: React.PropTypes.string.isRequired,
-    teamDisplayName: React.PropTypes.string.isRequired
+EmailToOAuth.propTypes = {
+    newType: React.PropTypes.string,
+    email: React.PropTypes.string,
+    teamName: React.PropTypes.string,
+    teamDisplayName: React.PropTypes.string
 };
-
-export default injectIntl(EmailToSSO);
diff --git a/webapp/components/claim/components/ldap_to_email.jsx b/webapp/components/claim/components/ldap_to_email.jsx
new file mode 100644
index 000000000..d645819b5
--- /dev/null
+++ b/webapp/components/claim/components/ldap_to_email.jsx
@@ -0,0 +1,167 @@
+// Copyright (c) 2015 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+import * as Utils from '../../../utils/utils.jsx';
+import * as Client from '../../../utils/client.jsx';
+
+import React from 'react';
+import ReactDOM from 'react-dom';
+import {FormattedMessage} from 'react-intl';
+
+export default class LDAPToEmail extends React.Component {
+    constructor(props) {
+        super(props);
+
+        this.submit = this.submit.bind(this);
+
+        this.state = {};
+    }
+    submit(e) {
+        e.preventDefault();
+        var state = {};
+
+        const password = ReactDOM.findDOMNode(this.refs.password).value.trim();
+        if (!password) {
+            state.error = Utils.localizeMessage('claim.ldap_to_email.pwdError', 'Please enter your password.');
+            this.setState(state);
+            return;
+        }
+
+        const confirmPassword = ReactDOM.findDOMNode(this.refs.passwordconfirm).value.trim();
+        if (!confirmPassword || password !== confirmPassword) {
+            state.error = Utils.localizeMessage('claim.ldap_to_email.pwdNotMatch', 'Passwords do not match.');
+            this.setState(state);
+            return;
+        }
+
+        const ldapPassword = ReactDOM.findDOMNode(this.refs.ldappassword).value.trim();
+        if (!ldapPassword) {
+            state.error = Utils.localizeMessage('claim.ldap_to_email.ldapPasswordError', 'Please enter your LDAP password.');
+            this.setState(state);
+            return;
+        }
+
+        state.error = null;
+        this.setState(state);
+
+        var postData = {};
+        postData.email_password = password;
+        postData.ldap_password = ldapPassword;
+        postData.email = this.props.email;
+        postData.team_name = this.props.teamName;
+
+        Client.ldapToEmail(postData,
+            (data) => {
+                if (data.follow_link) {
+                    window.location.href = data.follow_link;
+                }
+            },
+            (error) => {
+                this.setState({error});
+            }
+        );
+    }
+    render() {
+        var error = null;
+        if (this.state.error) {
+            error = <div className='form-group has-error'><label className='control-label'>{this.state.error}</label></div>;
+        }
+
+        var formClass = 'form-group';
+        if (error) {
+            formClass += ' has-error';
+        }
+
+        return (
+            <div>
+                <h3>
+                    <FormattedMessage
+                        id='claim.ldap_to_email.title'
+                        defaultMessage='Switch LDAP Account to Email/Password'
+                    />
+                </h3>
+                <form onSubmit={this.submit}>
+                    <p>
+                        <FormattedMessage
+                            id='claim.ldap_to_email.ssoType'
+                            defaultMessage='Upon claiming your account, you will only be able to login with your email and password'
+                        />
+                    </p>
+                    <p>
+                        <FormattedMessage
+                            id='claim.ldap_to_email.email'
+                            defaultMessage='You will use the email {email} to login'
+                            values={{
+                                email: this.props.email
+                            }}
+                        />
+                    </p>
+                    <p>
+                        <FormattedMessage
+                            id='claim.ldap_to_email.enterLdapPwd'
+                            defaultMessage='Enter your LDAP password for your {team} {site} email account'
+                            values={{
+                                team: this.props.teamDisplayName,
+                                site: global.window.mm_config.SiteName
+                            }}
+                        />
+                    </p>
+                    <div className={formClass}>
+                        <input
+                            type='password'
+                            className='form-control'
+                            name='ldapPassword'
+                            ref='ldappassword'
+                            placeholder={Utils.localizeMessage('claim.ldap_to_email.ldapPwd', 'LDAP Password')}
+                            spellCheck='false'
+                        />
+                    </div>
+                    <p>
+                        <FormattedMessage
+                            id='claim.ldap_to_email.enterPwd'
+                            defaultMessage='Enter a new password for your email account'
+                        />
+                    </p>
+                    <div className={formClass}>
+                        <input
+                            type='password'
+                            className='form-control'
+                            name='password'
+                            ref='password'
+                            placeholder={Utils.localizeMessage('claim.ldap_to_email.pwd', 'Password')}
+                            spellCheck='false'
+                        />
+                    </div>
+                    <div className={formClass}>
+                        <input
+                            type='password'
+                            className='form-control'
+                            name='passwordconfirm'
+                            ref='passwordconfirm'
+                            placeholder={Utils.localizeMessage('claim.ldap_to_email.confirm', 'Confirm Password')}
+                            spellCheck='false'
+                        />
+                    </div>
+                    {error}
+                    <button
+                        type='submit'
+                        className='btn btn-primary'
+                    >
+                        <FormattedMessage
+                            id='claim.ldap_to_email.switchTo'
+                            defaultMessage='Switch account to email/password'
+                        />
+                    </button>
+                </form>
+            </div>
+        );
+    }
+}
+
+LDAPToEmail.defaultProps = {
+};
+LDAPToEmail.propTypes = {
+    email: React.PropTypes.string,
+    teamName: React.PropTypes.string,
+    teamDisplayName: React.PropTypes.string
+};
diff --git a/webapp/components/claim/sso_to_email.jsx b/webapp/components/claim/components/oauth_to_email.jsx
index a41e09969..11246bea7 100644
--- a/webapp/components/claim/sso_to_email.jsx
+++ b/webapp/components/claim/components/oauth_to_email.jsx
@@ -1,34 +1,14 @@
 // Copyright (c) 2015 Mattermost, Inc. All Rights Reserved.
 // See License.txt for license information.
 
-import ReactDOM from 'react-dom';
-import * as Utils from 'utils/utils.jsx';
-import * as Client from 'utils/client.jsx';
-
-import {intlShape, injectIntl, defineMessages, FormattedMessage} from 'react-intl';
-
-const holders = defineMessages({
-    enterPwd: {
-        id: 'claim.sso_to_email.enterPwd',
-        defaultMessage: 'Please enter a password.'
-    },
-    pwdNotMatch: {
-        id: 'claim.sso_to_email.pwdNotMatch',
-        defaultMessage: 'Password do not match.'
-    },
-    newPwd: {
-        id: 'claim.sso_to_email.newPwd',
-        defaultMessage: 'New Password'
-    },
-    confirm: {
-        id: 'claim.sso_to_email.confirm',
-        defaultMessage: 'Confirm Password'
-    }
-});
+import * as Utils from '../../../utils/utils.jsx';
+import * as Client from '../../../utils/client.jsx';
 
 import React from 'react';
+import ReactDOM from 'react-dom';
+import {FormattedMessage} from 'react-intl';
 
-class SSOToEmail extends React.Component {
+export default class OAuthToEmail extends React.Component {
     constructor(props) {
         super(props);
 
@@ -37,20 +17,19 @@ class SSOToEmail extends React.Component {
         this.state = {};
     }
     submit(e) {
-        const {formatMessage} = this.props.intl;
         e.preventDefault();
         const state = {};
 
         const password = ReactDOM.findDOMNode(this.refs.password).value.trim();
         if (!password) {
-            state.error = formatMessage(holders.enterPwd);
+            state.error = Utils.localizeMessage('claim.oauth_to_email.enterPwd', 'Please enter a password.');
             this.setState(state);
             return;
         }
 
         const confirmPassword = ReactDOM.findDOMNode(this.refs.passwordconfirm).value.trim();
         if (!confirmPassword || password !== confirmPassword) {
-            state.error = formatMessage(holders.pwdNotMatch);
+            state.error = Utils.localizeMessage('claim.oauth_to_email.pwdNotMatch', 'Password do not match.');
             this.setState(state);
             return;
         }
@@ -63,7 +42,7 @@ class SSOToEmail extends React.Component {
         postData.email = this.props.email;
         postData.team_name = this.props.teamName;
 
-        Client.switchToEmail(postData,
+        Client.oauthToEmail(postData,
             (data) => {
                 if (data.follow_link) {
                     window.location.href = data.follow_link;
@@ -75,7 +54,6 @@ class SSOToEmail extends React.Component {
         );
     }
     render() {
-        const {formatMessage} = this.props.intl;
         var error = null;
         if (this.state.error) {
             error = <div className='form-group has-error'><label className='control-label'>{this.state.error}</label></div>;
@@ -92,7 +70,7 @@ class SSOToEmail extends React.Component {
             <div>
                 <h3>
                     <FormattedMessage
-                        id='claim.sso_to_email.title'
+                        id='claim.oauth_to_email.title'
                         defaultMessage='Switch {type} Account to Email'
                         values={{
                             type: uiType
@@ -102,13 +80,13 @@ class SSOToEmail extends React.Component {
                 <form onSubmit={this.submit}>
                     <p>
                         <FormattedMessage
-                            id='claim.sso_to_email.description'
+                            id='claim.oauth_to_email.description'
                             defaultMessage='Upon changing your account type, you will only be able to login with your email and password.'
                         />
                     </p>
                     <p>
                         <FormattedMessage
-                            id='claim.sso_to_email_newPwd'
+                            id='claim.oauth_to_email_newPwd'
                             defaultMessage='Enter a new password for your {team} {site} account'
                             values={{
                                 team: this.props.teamDisplayName,
@@ -122,7 +100,7 @@ class SSOToEmail extends React.Component {
                             className='form-control'
                             name='password'
                             ref='password'
-                            placeholder={formatMessage(holders.newPwd)}
+                            placeholder={Utils.localizeMessage('claim.oauth_to_email.newPwd', 'New Password')}
                             spellCheck='false'
                         />
                     </div>
@@ -132,7 +110,7 @@ class SSOToEmail extends React.Component {
                             className='form-control'
                             name='passwordconfirm'
                             ref='passwordconfirm'
-                            placeholder={formatMessage(holders.confirm)}
+                            placeholder={Utils.localizeMessage('claim.oauth_to_email.confirm', 'Confirm Password')}
                             spellCheck='false'
                         />
                     </div>
@@ -142,7 +120,7 @@ class SSOToEmail extends React.Component {
                         className='btn btn-primary'
                     >
                         <FormattedMessage
-                            id='claim.sso_to_email.switchTo'
+                            id='claim.oauth_to_email.switchTo'
                             defaultMessage='Switch {type} to email and password'
                             values={{
                                 type: uiType
@@ -155,14 +133,11 @@ class SSOToEmail extends React.Component {
     }
 }
 
-SSOToEmail.defaultProps = {
+OAuthToEmail.defaultProps = {
 };
-SSOToEmail.propTypes = {
-    intl: intlShape.isRequired,
-    currentType: React.PropTypes.string.isRequired,
-    email: React.PropTypes.string.isRequired,
-    teamName: React.PropTypes.string.isRequired,
-    teamDisplayName: React.PropTypes.string
+OAuthToEmail.propTypes = {
+    teamName: React.PropTypes.string,
+    teamDisplayName: React.PropTypes.string,
+    currentType: React.PropTypes.string,
+    email: React.PropTypes.string
 };
-
-export default injectIntl(SSOToEmail);
diff --git a/webapp/components/user_settings/user_settings_security.jsx b/webapp/components/user_settings/user_settings_security.jsx
index e42de91ea..283d2c425 100644
--- a/webapp/components/user_settings/user_settings_security.jsx
+++ b/webapp/components/user_settings/user_settings_security.jsx
@@ -15,6 +15,7 @@ import * as Utils from 'utils/utils.jsx';
 import Constants from 'utils/constants.jsx';
 
 import {intlShape, injectIntl, defineMessages, FormattedMessage, FormattedTime, FormattedDate} from 'react-intl';
+import {Link} from 'react-router';
 
 const holders = defineMessages({
     currentPasswordError: {
@@ -268,17 +269,24 @@ class SecurityTab extends React.Component {
 
             let emailOption;
             if (global.window.mm_config.EnableSignUpWithEmail === 'true' && user.auth_service !== '') {
+                let link;
+                if (user.auth_service === Constants.LDAP_SERVICE) {
+                    link = '/' + teamName + '/claim/ldap_to_email?email=' + encodeURIComponent(user.email);
+                } else {
+                    link = '/' + teamName + '/claim/oauth_to_email?email=' + encodeURIComponent(user.email) + '&old_type=' + user.auth_service;
+                }
+
                 emailOption = (
                     <div>
-                        <a
+                        <Link
                             className='btn btn-primary'
-                            href={'/' + teamName + '/claim?email=' + encodeURIComponent(user.email) + '&old_type=' + user.auth_service}
+                            to={link}
                         >
                             <FormattedMessage
                                 id='user.settings.security.switchEmail'
                                 defaultMessage='Switch to using email and password'
                             />
-                        </a>
+                        </Link>
                         <br/>
                     </div>
                 );
@@ -288,15 +296,15 @@ class SecurityTab extends React.Component {
             if (global.window.mm_config.EnableSignUpWithGitLab === 'true' && user.auth_service === '') {
                 gitlabOption = (
                     <div>
-                        <a
+                        <Link
                             className='btn btn-primary'
-                            href={'/' + teamName + '/claim?email=' + encodeURIComponent(user.email) + '&old_type=' + user.auth_service + '&new_type=' + Constants.GITLAB_SERVICE}
+                            to={'/' + teamName + '/claim/email_to_oauth?email=' + encodeURIComponent(user.email) + '&old_type=' + user.auth_service + '&new_type=' + Constants.GITLAB_SERVICE}
                         >
                             <FormattedMessage
                                 id='user.settings.security.switchGitlab'
                                 defaultMessage='Switch to using GitLab SSO'
                             />
-                        </a>
+                        </Link>
                         <br/>
                     </div>
                 );
@@ -306,15 +314,33 @@ class SecurityTab extends React.Component {
             if (global.window.mm_config.EnableSignUpWithGoogle === 'true' && user.auth_service === '') {
                 googleOption = (
                     <div>
-                        <a
+                        <Link
                             className='btn btn-primary'
-                            href={'/' + teamName + '/claim?email=' + encodeURIComponent(user.email) + '&old_type=' + user.auth_service + '&new_type=' + Constants.GOOGLE_SERVICE}
+                            to={'/' + teamName + '/claim/email_to_oauth?email=' + encodeURIComponent(user.email) + '&old_type=' + user.auth_service + '&new_type=' + Constants.GOOGLE_SERVICE}
                         >
                             <FormattedMessage
                                 id='user.settings.security.switchGoogle'
                                 defaultMessage='Switch to using Google SSO'
                             />
-                        </a>
+                        </Link>
+                        <br/>
+                    </div>
+                );
+            }
+
+            let ldapOption;
+            if (global.window.mm_config.EnableLdap === 'true' && user.auth_service === '') {
+                ldapOption = (
+                    <div>
+                        <Link
+                            className='btn btn-primary'
+                            to={'/' + teamName + '/claim/email_to_ldap?email=' + encodeURIComponent(user.email)}
+                        >
+                            <FormattedMessage
+                                id='user.settings.security.switchLdap'
+                                defaultMessage='Switch to using LDAP'
+                            />
+                        </Link>
                         <br/>
                     </div>
                 );
@@ -325,6 +351,7 @@ class SecurityTab extends React.Component {
                    {emailOption}
                    {gitlabOption}
                    <br/>
+                   {ldapOption}
                    {googleOption}
                 </div>
             );
diff --git a/webapp/i18n/en.json b/webapp/i18n/en.json
index d9411df07..34e938e69 100644
--- a/webapp/i18n/en.json
+++ b/webapp/i18n/en.json
@@ -633,21 +633,45 @@
   "choose_auth_page.ldapCreate": "Create new team with LDAP Account",
   "choose_auth_page.noSignup": "No sign-up methods configured, please contact your system administrator.",
   "claim.account.noEmail": "No email specified",
-  "claim.email_to_sso.enterPwd": "Enter the password for your {team} {site} account",
-  "claim.email_to_sso.pwd": "Password",
-  "claim.email_to_sso.pwdError": "Please enter your password.",
-  "claim.email_to_sso.ssoNote": "You must already have a valid {type} account",
-  "claim.email_to_sso.ssoType": "Upon claiming your account, you will only be able to login with {type} SSO",
-  "claim.email_to_sso.switchTo": "Switch account to {uiType}",
-  "claim.email_to_sso.title": "Switch Email/Password Account to {uiType}",
-  "claim.sso_to_email.confirm": "Confirm Password",
-  "claim.sso_to_email.description": "Upon changing your account type, you will only be able to login with your email and password.",
-  "claim.sso_to_email.enterPwd": "Please enter a password.",
-  "claim.sso_to_email.newPwd": "New Password",
-  "claim.sso_to_email.pwdNotMatch": "Password do not match.",
-  "claim.sso_to_email.switchTo": "Switch {type} to email and password",
-  "claim.sso_to_email.title": "Switch {type} Account to Email",
-  "claim.sso_to_email_newPwd": "Enter a new password for your {team} {site} account",
+  "claim.email_to_oauth.enterPwd": "Enter the password for your {team} {site} account",
+  "claim.email_to_oauth.pwd": "Password",
+  "claim.email_to_oauth.pwdError": "Please enter your password.",
+  "claim.email_to_oauth.ssoNote": "You must already have a valid {type} account",
+  "claim.email_to_oauth.ssoType": "Upon claiming your account, you will only be able to login with {type} SSO",
+  "claim.email_to_oauth.switchTo": "Switch account to {uiType}",
+  "claim.email_to_oauth.title": "Switch Email/Password Account to {uiType}",
+  "claim.oauth_to_email.confirm": "Confirm Password",
+  "claim.oauth_to_email.description": "Upon changing your account type, you will only be able to login with your email and password.",
+  "claim.oauth_to_email.enterPwd": "Please enter a password.",
+  "claim.oauth_to_email.newPwd": "New Password",
+  "claim.oauth_to_email.pwdNotMatch": "Password do not match.",
+  "claim.oauth_to_email.switchTo": "Switch {type} to email and password",
+  "claim.oauth_to_email.title": "Switch {type} Account to Email",
+  "claim.oauth_to_email.newPwd": "Enter a new password for your {team} {site} account",
+  "claim.email_to_ldap.pwdError": "Please enter your password.",
+  "claim.email_to_ldap.ldapIdError": "Please enter your LDAP ID.",
+  "claim.email_to_ldap.ldapPasswordError": "Please enter your LDAP password.",
+  "claim.email_to_ldap.title": "Switch Email/Password Account to LDAP",
+  "claim.email_to_ldap.ssoType": "Upon claiming your account, you will only be able to login with LDAP",
+  "claim.email_to_ldap.ssoNote": "You must already have a valid LDAP account",
+  "claim.email_to_ldap.enterPwd": "Enter the password for your {team} {site} email account",
+  "claim.email_to_ldap.pwd": "Password",
+  "claim.email_to_ldap.enterLdapPwd": "Enter the ID and password for your LDAP account",
+  "claim.email_to_ldap.ldapId": "LDAP ID",
+  "claim.email_to_ldap.ldapPwd": "LDAP Password",
+  "claim.email_to_ldap.switchTo": "Switch account to LDAP",
+  "claim.ldap_to_email.pwdError": "Please enter your password.",
+  "claim.ldap_to_email.pwdNotMatch": "Passwords do not match.",
+  "claim.ldap_to_email.ldapPasswordError": "Please enter your LDAP password.",
+  "claim.ldap_to_email.title": "Switch LDAP Account to Email/Password",
+  "claim.ldap_to_email.ssoType": "Upon claiming your account, you will only be able to login with your email and password",
+  "claim.ldap_to_email.email": "You will use the email {email} to login",
+  "claim.ldap_to_email.enterLdapPwd": "Enter your LDAP password for your {team} {site} email account",
+  "claim.ldap_to_email.ldapPwd": "LDAP Password",
+  "claim.ldap_to_email.enterPwd": "Enter a new password for your email account",
+  "claim.ldap_to_email.pwd": "Password",
+  "claim.ldap_to_email.confirm": "Confirm Password",
+  "claim.ldap_to_email.switchTo": "Switch account to email/password",
   "confirm_modal.cancel": "Cancel",
   "create_comment.addComment": "Add a comment...",
   "create_comment.comment": "Add Comment",
@@ -1335,6 +1359,7 @@
   "user.settings.security.switchEmail": "Switch to using email and password",
   "user.settings.security.switchGitlab": "Switch to using GitLab SSO",
   "user.settings.security.switchGoogle": "Switch to using Google SSO",
+  "user.settings.security.switchLda": "Switch to using LDAP",
   "user.settings.security.title": "Security Settings",
   "user.settings.security.viewHistory": "View Access History",
   "user_list.notFound": "No users found :(",
diff --git a/webapp/i18n/es.json b/webapp/i18n/es.json
index 8852dd3c6..9c1665c4e 100644
--- a/webapp/i18n/es.json
+++ b/webapp/i18n/es.json
@@ -633,21 +633,21 @@
   "choose_auth_page.ldapCreate": "Crea un nuevo equipo con tu cuenta de LDAP",
   "choose_auth_page.noSignup": "No hay métodos de inicio de sesión configurad, por favor contacte al administrador de sistemasos",
   "claim.account.noEmail": "No se especifico un correo electrónico.",
-  "claim.email_to_sso.enterPwd": "Ingresa la contraseña para tu cuenta para {team} {site}",
-  "claim.email_to_sso.pwd": "Contraseña",
-  "claim.email_to_sso.pwdError": "Por favor introduce tu contraseña.",
-  "claim.email_to_sso.ssoNote": "Debes tener una cuenta válida con {type}",
-  "claim.email_to_sso.ssoType": "Al reclamar tu cuenta, sólo podrás iniciar sesión con {type} SSO",
-  "claim.email_to_sso.switchTo": "Cambiar cuenta a {uiType}",
-  "claim.email_to_sso.title": "Cambiar Cuenta de Correo/Contraseña a {uiType}",
-  "claim.sso_to_email.confirm": "Confirmar Contraseña",
-  "claim.sso_to_email.description": "Al cambiar el tipo de cuenta, sólo podrás iniciar sesión con tu correo electrónico y contraseña.",
-  "claim.sso_to_email.enterPwd": "Por favor ingresa una contraseña.",
-  "claim.sso_to_email.newPwd": "Nueva Contraseña",
-  "claim.sso_to_email.pwdNotMatch": "Las contraseñas no coinciden.",
-  "claim.sso_to_email.switchTo": "Cambiar {type} a correo electrónico y contraseña",
-  "claim.sso_to_email.title": "Cambiar la cuenta de {type} a Correo Electrónico",
-  "claim.sso_to_email_newPwd": "Ingresa una nueva contraseña para tu cuenta de {team} {site}",
+  "claim.email_to_oauth.enterPwd": "Ingresa la contraseña para tu cuenta para {team} {site}",
+  "claim.email_to_oauth.pwd": "Contraseña",
+  "claim.email_to_oauth.pwdError": "Por favor introduce tu contraseña.",
+  "claim.email_to_oauth.ssoNote": "Debes tener una cuenta válida con {type}",
+  "claim.email_to_oauth.ssoType": "Al reclamar tu cuenta, sólo podrás iniciar sesión con {type} SSO",
+  "claim.email_to_oauth.switchTo": "Cambiar cuenta a {uiType}",
+  "claim.email_to_oauth.title": "Cambiar Cuenta de Correo/Contraseña a {uiType}",
+  "claim.oauth_to_email.confirm": "Confirmar Contraseña",
+  "claim.oauth_to_email.description": "Al cambiar el tipo de cuenta, sólo podrás iniciar sesión con tu correo electrónico y contraseña.",
+  "claim.oauth_to_email.enterPwd": "Por favor ingresa una contraseña.",
+  "claim.oauth_to_email.newPwd": "Nueva Contraseña",
+  "claim.oauth_to_email.pwdNotMatch": "Las contraseñas no coinciden.",
+  "claim.oauth_to_email.switchTo": "Cambiar {type} a correo electrónico y contraseña",
+  "claim.oauth_to_email.title": "Cambiar la cuenta de {type} a Correo Electrónico",
+  "claim.oauth_to_email.newPwd": "Ingresa una nueva contraseña para tu cuenta de {team} {site}",
   "confirm_modal.cancel": "Cancelar",
   "create_comment.addComment": "Agregar un comentario...",
   "create_comment.comment": "Agregar Comentario",
diff --git a/webapp/i18n/pt.json b/webapp/i18n/pt.json
index 41d3bbc1c..0b06b77af 100644
--- a/webapp/i18n/pt.json
+++ b/webapp/i18n/pt.json
@@ -639,21 +639,21 @@
   "choose_auth_page.ldapCreate": "Criar uma nova equipe com uma conta LDAP",
   "choose_auth_page.noSignup": "Nenhum método de inscrição configurado, por favor contate seu administrador do sistema.",
   "claim.account.noEmail": "Nenhum email específicado",
-  "claim.email_to_sso.enterPwd": "Entre a senha para o sua conta {team} {site}",
-  "claim.email_to_sso.pwd": "Senha",
-  "claim.email_to_sso.pwdError": "Por favor digite a sua senha.",
-  "claim.email_to_sso.ssoNote": "Você precisa já ter uma conta {type} válida",
-  "claim.email_to_sso.ssoType": "Ao retirar a sua conta, você só vai ser capaz de logar com SSO {type}",
-  "claim.email_to_sso.switchTo": "Trocar a conta para {uiType}",
-  "claim.email_to_sso.title": "Trocar E-mail/Senha da Conta para {uiType}",
-  "claim.sso_to_email.confirm": "Confirmar senha",
-  "claim.sso_to_email.description": "Após a alteração do tipo de conta, você só vai ser capaz de logar com seu e-mail e senha.",
-  "claim.sso_to_email.enterPwd": "Por favor entre uma senha.",
-  "claim.sso_to_email.newPwd": "Nova Senha",
-  "claim.sso_to_email.pwdNotMatch": "As senha não correspondem.",
-  "claim.sso_to_email.switchTo": "Trocar {type} para email e senha",
-  "claim.sso_to_email.title": "Trocar Conta {type} para E-mail",
-  "claim.sso_to_email_newPwd": "Entre a nova senha para o sua conta {team} {site}",
+  "claim.email_to_oauth.enterPwd": "Entre a senha para o sua conta {team} {site}",
+  "claim.email_to_oauth.pwd": "Senha",
+  "claim.email_to_oauth.pwdError": "Por favor digite a sua senha.",
+  "claim.email_to_oauth.ssoNote": "Você precisa já ter uma conta {type} válida",
+  "claim.email_to_oauth.ssoType": "Ao retirar a sua conta, você só vai ser capaz de logar com SSO {type}",
+  "claim.email_to_oauth.switchTo": "Trocar a conta para {uiType}",
+  "claim.email_to_oauth.title": "Trocar E-mail/Senha da Conta para {uiType}",
+  "claim.oauth_to_email.confirm": "Confirmar senha",
+  "claim.oauth_to_email.description": "Após a alteração do tipo de conta, você só vai ser capaz de logar com seu e-mail e senha.",
+  "claim.oauth_to_email.enterPwd": "Por favor entre uma senha.",
+  "claim.oauth_to_email.newPwd": "Nova Senha",
+  "claim.oauth_to_email.pwdNotMatch": "As senha não correspondem.",
+  "claim.oauth_to_email.switchTo": "Trocar {type} para email e senha",
+  "claim.oauth_to_email.title": "Trocar Conta {type} para E-mail",
+  "claim.oauth_to_email.newPwd": "Entre a nova senha para o sua conta {team} {site}",
   "confirm_modal.cancel": "Cancelar",
   "create_comment.addComment": "Adicionar um comentário...",
   "create_comment.comment": "Adicionar Comentário",
diff --git a/webapp/root.jsx b/webapp/root.jsx
index 6ab5e80a0..bb5f506c1 100644
--- a/webapp/root.jsx
+++ b/webapp/root.jsx
@@ -35,7 +35,6 @@ import SignupUserComplete from 'components/signup_user_complete.jsx';
 import ShouldVerifyEmail from 'components/should_verify_email.jsx';
 import DoVerifyEmail from 'components/do_verify_email.jsx';
 import AdminConsole from 'components/admin_console/admin_controller.jsx';
-import ClaimAccount from 'components/claim/claim_account.jsx';
 
 import SignupTeamComplete from 'components/signup_team_complete/components/signup_team_complete.jsx';
 import WelcomePage from 'components/signup_team_complete/components/team_signup_welcome_page.jsx';
@@ -46,6 +45,12 @@ import UsernamePage from 'components/signup_team_complete/components/team_signup
 import PasswordPage from 'components/signup_team_complete/components/team_signup_password_page.jsx';
 import FinishedPage from 'components/signup_team_complete/components/team_signup_finished.jsx';
 
+import Claim from 'components/claim/claim.jsx';
+import EmailToOAuth from 'components/claim/components/email_to_oauth.jsx';
+import OAuthToEmail from 'components/claim/components/oauth_to_email.jsx';
+import LDAPToEmail from 'components/claim/components/ldap_to_email.jsx';
+import EmailToLDAP from 'components/claim/components/email_to_ldap.jsx';
+
 import {addLocaleData} from 'react-intl';
 import enLocaleData from 'react-intl/locale-data/en';
 import esLocaleData from 'react-intl/locale-data/es';
@@ -308,10 +313,6 @@ function renderRootComponent() {
                             component={Login}
                         />
                         <Route
-                            path='claim'
-                            component={ClaimAccount}
-                        />
-                        <Route
                             path='reset_password'
                             component={PasswordResetSendLink}
                         />
@@ -319,6 +320,27 @@ function renderRootComponent() {
                             path='reset_password_complete'
                             component={PasswordResetForm}
                         />
+                        <Route
+                            path='claim'
+                            component={Claim}
+                        >
+                            <Route
+                                path='oauth_to_email'
+                                component={OAuthToEmail}
+                            />
+                            <Route
+                                path='email_to_oauth'
+                                component={EmailToOAuth}
+                            />
+                            <Route
+                                path='email_to_ldap'
+                                component={EmailToLDAP}
+                            />
+                            <Route
+                                path='ldap_to_email'
+                                component={LDAPToEmail}
+                            />
+                        </Route>
                     </Route>
                 </Route>
             </Route>
diff --git a/webapp/utils/client.jsx b/webapp/utils/client.jsx
index e29cf71d3..d42767d31 100644
--- a/webapp/utils/client.jsx
+++ b/webapp/utils/client.jsx
@@ -256,38 +256,72 @@ export function resetPassword(data, success, error) {
     track('api', 'api_users_reset_password');
 }
 
-export function switchToSSO(data, success, error) {
+export function emailToOAuth(data, success, error) {
     $.ajax({
-        url: '/api/v1/users/switch_to_sso',
+        url: '/api/v1/users/claim/email_to_oauth',
         dataType: 'json',
         contentType: 'application/json',
         type: 'POST',
         data: JSON.stringify(data),
         success,
         error: function onError(xhr, status, err) {
-            var e = handleError('switchToSSO', xhr, status, err);
+            var e = handleError('emailToOAuth', xhr, status, err);
             error(e);
         }
     });
 
-    track('api', 'api_users_switch_to_sso');
+    track('api', 'api_users_email_to_oauth');
 }
 
-export function switchToEmail(data, success, error) {
+export function oauthToEmail(data, success, error) {
     $.ajax({
-        url: '/api/v1/users/switch_to_email',
+        url: '/api/v1/users/claim/oauth_to_email',
         dataType: 'json',
         contentType: 'application/json',
         type: 'POST',
         data: JSON.stringify(data),
         success,
         error: function onError(xhr, status, err) {
-            var e = handleError('switchToEmail', xhr, status, err);
+            var e = handleError('oauthToEmail', xhr, status, err);
             error(e);
         }
     });
 
-    track('api', 'api_users_switch_to_email');
+    track('api', 'api_users_oauth_to_email');
+}
+
+export function emailToLDAP(data, success, error) {
+    $.ajax({
+        url: '/api/v1/users/claim/email_to_ldap',
+        dataType: 'json',
+        contentType: 'application/json',
+        type: 'POST',
+        data: JSON.stringify(data),
+        success,
+        error: function onError(xhr, status, err) {
+            var e = handleError('emailToLDAP', xhr, status, err);
+            error(e);
+        }
+    });
+
+    track('api', 'api_users_email_to_ldap');
+}
+
+export function ldapToEmail(data, success, error) {
+    $.ajax({
+        url: '/api/v1/users/claim/ldap_to_email',
+        dataType: 'json',
+        contentType: 'application/json',
+        type: 'POST',
+        data: JSON.stringify(data),
+        success,
+        error: function onError(xhr, status, err) {
+            var e = handleError('ldapToEmail', xhr, status, err);
+            error(e);
+        }
+    });
+
+    track('api', 'api_users_ldap_to_email');
 }
 
 export function logout(success, error) {
diff --git a/webapp/utils/constants.jsx b/webapp/utils/constants.jsx
index 859348c73..ae9fdc5fb 100644
--- a/webapp/utils/constants.jsx
+++ b/webapp/utils/constants.jsx
@@ -185,6 +185,7 @@ export default {
     OFFTOPIC_CHANNEL: 'off-topic',
     GITLAB_SERVICE: 'gitlab',
     GOOGLE_SERVICE: 'google',
+    LDAP_SERVICE: 'ldap',
     EMAIL_SERVICE: 'email',
     SIGNIN_CHANGE: 'signin_change',
     SIGNIN_VERIFIED: 'verified',