diff --git a/apps/user_ldap/lib/AppInfo/Application.php b/apps/user_ldap/lib/AppInfo/Application.php
index 79998a580e540..d12a02096b1aa 100644
--- a/apps/user_ldap/lib/AppInfo/Application.php
+++ b/apps/user_ldap/lib/AppInfo/Application.php
@@ -31,15 +31,15 @@
 use OCA\User_LDAP\Controller\RenewPasswordController;
 use OCA\User_LDAP\Events\GroupBackendRegistered;
 use OCA\User_LDAP\Events\UserBackendRegistered;
-use OCA\User_LDAP\Group_Proxy;
 use OCA\User_LDAP\GroupPluginManager;
+use OCA\User_LDAP\Group_Proxy;
 use OCA\User_LDAP\Handler\ExtStorageConfigHandler;
 use OCA\User_LDAP\Helper;
 use OCA\User_LDAP\ILDAPWrapper;
 use OCA\User_LDAP\LDAP;
 use OCA\User_LDAP\Notification\Notifier;
-use OCA\User_LDAP\User_Proxy;
 use OCA\User_LDAP\UserPluginManager;
+use OCA\User_LDAP\User_Proxy;
 use OCP\AppFramework\App;
 use OCP\AppFramework\Bootstrap\IBootContext;
 use OCP\AppFramework\Bootstrap\IBootstrap;
@@ -50,6 +50,7 @@
 use OCP\IL10N;
 use OCP\IServerContainer;
 use OCP\Notification\IManager as INotificationManager;
+use OCP\User\Events\PostLoginEvent;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 
 class Application extends App implements IBootstrap {
@@ -117,6 +118,7 @@ public function boot(IBootContext $context): void {
 		});
 
 		$context->injectFn(Closure::fromCallable([$this, 'registerBackendDependents']));
+		$context->injectFn(Closure::fromCallable([$this, 'registerFirstLoginListener']));
 
 		\OCP\Util::connectHook(
 			'\OCA\Files_Sharing\API\Server2Server',
@@ -137,4 +139,14 @@ function () use ($appContainer) {
 			}
 		);
 	}
+
+	private function registerFirstLoginListener(EventDispatcherInterface $dispatcher) {
+		$dispatcher->addServiceListener(PostLoginEvent::class, FirstLoginListener::class);
+		\OCP\Util::connectHook(
+			'\OC\User',
+			'assignedUserId',
+			FirstLoginListener::class,
+			'onAssignedId'
+		);
+	}
 }
diff --git a/apps/user_ldap/lib/FirstLoginListener.php b/apps/user_ldap/lib/FirstLoginListener.php
new file mode 100644
index 0000000000000..327b576bbb090
--- /dev/null
+++ b/apps/user_ldap/lib/FirstLoginListener.php
@@ -0,0 +1,140 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2022, Côme Chilliet <come.chilliet@nextcloud.com>
+ *
+ * @author Côme Chilliet <come.chilliet@nextcloud.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OCA\User_LDAP;
+
+use OCP\EventDispatcher\Event;
+use OCP\EventDispatcher\IEventDispatcher;
+use OCP\EventDispatcher\IEventListener;
+use OCP\Group\Events\UserAddedEvent;
+use OCP\IDBConnection;
+use OCP\IGroupManager;
+use OCP\IUser;
+use OCP\IUserManager;
+use OCP\User\Events\PostLoginEvent;
+use Psr\Log\LoggerInterface;
+
+class FirstLoginListener implements IEventListener {
+	protected $somekindofstatefulhandler;
+
+	/** @var Group_Proxy */
+	private $groupBackend;
+	/** @var IEventDispatcher */
+	private $dispatcher;
+	/** @var IGroupManager */
+	private $groupManager;
+	/** @var IUserManager */
+	private $userManager;
+	/** @var LoggerInterface */
+	private $logger;
+	/** @var IDBConnection */
+	private $dbc;
+
+	public function __construct(
+		Group_Proxy $groupBackend,
+		IEventDispatcher $dispatcher,
+		IGroupManager $groupManager,
+		IUserManager $userManager,
+		LoggerInterface $logger,
+		IDBConnection $dbc
+	) {
+		$this->groupBackend = $groupBackend;
+		$this->dispatcher = $dispatcher;
+		$this->groupManager = $groupManager;
+		$this->userManager = $userManager;
+		$this->logger = $logger;
+		$this->dbc = $dbc;
+	}
+
+	public function handle(Event $event): void {
+		if ($event instanceof PostLoginEvent) {
+			$this->onPostLogin($event->getUser());
+		}
+	}
+
+	public function onAssignedId(string $username): void {
+		$this->somekindofstatefulhandler[$username]['id'] = 1;
+		$this->triggerUpdateGroups($username);
+	}
+
+	public function onPostLogin(string $username): void {
+		$this->somekindofstatefulhandler[$username]['login'] = 1;
+		$this->triggerUpdateGroups($username);
+	}
+
+	private function triggerUpdateGroups(string $username): void {
+		if (array_sum($this->somekindofstatefulhandler[$username] ?? []) >= 2) {
+			$this->updateGroups($username);
+		}
+	}
+
+	private function updateGroups(string $username): void {
+		$groups = $this->groupBackend->getUserGroups($username);
+
+		$qb = $this->dbc->getQueryBuilder();
+		$qb->select(['owncloudusers'])
+			->from('ldap_group_members')
+			->where($qb->expr()->eq('owncloudname', $qb->createParameter('groupId')));
+
+		$qbUpdate = $this->dbc->getQueryBuilder();
+		$qbUpdate->update('ldap_group_members')
+			->set('owncloudusers', $qb->createParameter('members'))
+			->where($qb->expr()->eq('owncloudname', $qb->createParameter('groupId')));
+
+		foreach ($groups as $group) {
+			$qb->setParameters([
+				'groupId' => $group
+			]);
+
+			$qResult = $qb->execute();
+			$data = $qResult->fetchOne();
+			$qResult->closeCursor();
+
+			$knownUsers = unserialize($data['owncloudusers']);
+			$hasChanged = false;
+
+			$groupObject = $this->groupManager->get($group);
+			if (!in_array($username, $knownUsers)) {
+				$userObject = $this->userManager->get($username);
+				if ($userObject instanceof IUser) {
+					$this->dispatcher->dispatchTyped(new UserAddedEvent($groupObject, $userObject));
+					$this->logger->info(
+						__CLASS__ . ' – {user} added to {group}',
+						[
+							'app' => 'user_ldap',
+							'user' => $username,
+							'group' => $group
+						]
+					);
+					$qbUpdate->setParameters([
+						'members' => serialize(array_merge($knownUsers, [$username])),
+						'groupId' => $group
+					]);
+					$qbUpdate->execute();
+				}
+			}
+		}
+	}
+}