Map multiple authentication methods to same user
in progress
Nicolas Giard
Nathan Green
I think this is already in the roadmap for 3.x, at "Account Linking" (https://docs.requarks.io/releases/roadmap#h-3x)
David Dearden
Just a note: I recently debated this exact feature with a team for a project I'm working on. In general we loved the idea, but it left a bit of a vulnerability. Say I have an account with 2FA that I use to sign in, but I also have an account with another identity provider that has no 2FA and a weak password, but the same email (maybe it was created for some testing or something). Then, if someone broke my weak account, they could access the sign-in with the less secure identity provider account. We settled on allowing the user to manually link the other identity providers to their account, but not doing it automatically when they try to sign in. That way it is up to the user to intentionally link it, and there are no surprise access loopholes.
tl;dr: great idea, don't link the account automatically
Rick Spencer
David Dearden: Why not allow the user to determine their access levels (permissions) as a next step. This way security policies follow auth providers and auth discrepancies can be mitigated if the user elects to do so.
Angelo Ross
This has also been asked by some folks on the GitHub issues page: https://github.com/Requarks/wiki/issues/1497
To add to the discussion, GitLab does this by checking for the same email address. I feel like email addresses appear to be unique enough for this; it would work with pretty much all current services, LDAP included, but it could cause problems with services like "generic" OAuth. At that point, though, I'd argue it's the Admin's problem for adding an authentication method that doesn't verify email addresses.
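The two design points raised in this thread (do not link accounts automatically on sign-in, and only trust an email match when the provider actually verifies the address) are easy to see side by side in code. The following is an added example written for this page, not Wiki.js code and not GitLab's implementation: an in-memory account store, a deliberately vulnerable auto-link sign-in, a strict sign-in, and a manual link step that is only reachable from an already-authenticated session. The `emailVerified` flag on the provider assertion is an assumption about what a given provider returns; providers that do not supply one are refused a link rather than trusted.

```javascript
// Added example, not part of the Wiki.js project. Demonstrates why linking
// identities by email on sign-in lets a weaker provider take over a
// 2FA-protected account, and what a manual link policy looks like instead.

// Constructed sample data: one account protected by 2FA, created with the
// "local" provider. A weaker provider will later assert the same email.
function makeStore() {
  return new Map([
    ["u1", {
      id: "u1",
      email: "alice@example.com",
      mfaEnabled: true,
      identities: [{ provider: "local", subject: "alice" }],
    }],
  ]);
}

function findByIdentity(store, provider, subject) {
  for (const acct of store.values()) {
    if (acct.identities.some((i) => i.provider === provider && i.subject === subject)) {
      return acct;
    }
  }
  return null;
}

function findByEmail(store, email) {
  const needle = email.trim().toLowerCase();
  for (const acct of store.values()) {
    if (acct.email.toLowerCase() === needle) return acct;
  }
  return null;
}

// Vulnerable policy (the behaviour the thread warns against): any provider
// whose assertion carries a matching email is silently attached to the
// existing account and signed in, bypassing the account's own 2FA.
function signInAutoLink(store, assertion) {
  let acct = findByIdentity(store, assertion.provider, assertion.subject);
  if (!acct) {
    acct = findByEmail(store, assertion.email);
    if (acct) {
      acct.identities.push({ provider: assertion.provider, subject: assertion.subject });
    }
  }
  return acct ? { ok: true, userId: acct.id } : { ok: false, reason: "no-linked-identity" };
}

// Hardened policy: sign-in only succeeds for an identity the user has already
// linked. A matching email on its own is never enough to sign in.
function signInStrict(store, assertion) {
  const acct = findByIdentity(store, assertion.provider, assertion.subject);
  return acct ? { ok: true, userId: acct.id } : { ok: false, reason: "no-linked-identity" };
}

// Manual linking: called from an authenticated session, so the user has
// already passed their strong login (2FA included). The provider must assert
// a verified email matching the account; assertion.emailVerified is an
// assumed field, and a provider that cannot supply it gets no link.
function linkIdentity(store, sessionUserId, assertion) {
  const acct = store.get(sessionUserId);
  if (!acct) return { ok: false, reason: "not-authenticated" };
  if (!assertion.emailVerified) return { ok: false, reason: "email-not-verified" };
  if (assertion.email.trim().toLowerCase() !== acct.email.toLowerCase()) {
    return { ok: false, reason: "email-mismatch" };
  }
  if (findByIdentity(store, assertion.provider, assertion.subject)) {
    return { ok: false, reason: "identity-already-linked" };
  }
  acct.identities.push({ provider: assertion.provider, subject: assertion.subject });
  return { ok: true, userId: acct.id };
}

// Constructed assertion from a weak provider (no 2FA, unverified email).
const weakAssertion = {
  provider: "generic-oauth",
  subject: "alice-weak",
  email: "alice@example.com",
  emailVerified: false,
};

console.log("auto-link sign-in:", signInAutoLink(makeStore(), weakAssertion));
const store = makeStore();
console.log("strict sign-in before link:", signInStrict(store, weakAssertion));
console.log("link attempt, unverified:", linkIdentity(store, "u1", weakAssertion));
console.log("link attempt, verified:", linkIdentity(store, "u1", { ...weakAssertion, emailVerified: true }));
console.log("strict sign-in after link:", signInStrict(store, weakAssertion));
```

Run with `node`: the auto-link policy signs the weak assertion straight in, while the strict policy rejects it until the account owner links that identity from an authenticated session with a verified email.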