I’m fine with the concept but I don’t fully agree with the proposed implementation which mixes two different things IMO.
I would keep the existing code the way it is but I would add a new check after getting the DN that if we don’t know the user profile yet (the one searched based on the uid) try to find an existing one but based on the DN this time. In most cases where the login is stable (and even in the use case you described I’m sure that many users mostly use the same login) the current logic is faster so I prefer to keep it like this but it also make perfect sense to also check for the DN later (when you enable this extra search) to be sure to not cause any duplicates.