ithilgers/ldap-role-merger

Merge two LDAP groups into a single TYPO3 frontend group when a user is a member of both. Add-on for ig_ldap_sso_auth.

Package info

github.com/ithilgers/ldap-role-merger

Type: typo3-cms-extension

pkg:composer/ithilgers/ldap-role-merger

v1.0.0 2026-05-06 14:13 UTC

This package is auto-updated.

Last update: 2026-05-06 14:17:58 UTC


README

TYPO3 12 extension. Merges two LDAP groups into a single TYPO3 frontend group when a user is a member of both. Companion extension for causal/ig_ldap_sso_auth.

Use case

You sync LDAP groups to TYPO3 fe_groups via ig_ldap_sso_auth. A user who is a member of both mapped LDAP groups should not end up with both fe_groups attached, but with a third, dedicated group instead. This extension hooks into the AfterComputeUserGroupsEvent and replaces the two source groups with the configured target group.

If the user is in only one of the source groups (or in none), nothing happens.

Installation

composer require ithilgers/ldap-role-merger

Requires TYPO3 ^12.4 and causal/ig_ldap_sso_auth ^4.2.

Configuration

In the TYPO3 backend: Settings → Extension Configuration → ldap_role_merger

| Field | Description |
| --- | --- |
| firstGroupDn | LDAP DN of the first source group (must match tx_igldapssoauth_dn on the corresponding fe_group exactly) |
| secondGroupDn | LDAP DN of the second source group |
| targetFeGroup | UID (recommended) or title of the fe_group that replaces both source groups |

As long as any of the three fields is empty, the listener is a no-op. That is the deliberate default after install.

How it works

The extension consists of a single PSR-14 event listener on Causal\IgLdapSsoAuth\Event\AfterComputeUserGroupsEvent. On every login it inspects the resolved fe_groups, looks for the two source DNs, and, if both are present, removes them and adds the target group. Source: Classes/EventListener/MergeLdapRolesIntoFeGroup.php.
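The merge rule described above, as an added sketch that is not the extension's own listener code: it works on plain arrays instead of the event object, and the function names, array shape and sample DNs are assumptions. It also assumes that a target group which cannot be resolved leaves the user's groups unchanged.

```php
<?php
declare(strict_types=1);
// Added sketch, not the extension's code. Groups are plain arrays with the
// keys uid, title and tx_igldapssoauth_dn; both function names are hypothetical.
/** Resolve targetFeGroup: all digits means a UID, anything else a title. */
function resolveTarget(string $ref, array $allGroups): ?array
{
    foreach ($allGroups as $g) {
        if (ctype_digit($ref) ? (int)$g['uid'] === (int)$ref : $g['title'] === $ref) {
            return $g;
        }
    }
    return null;
}

function mergeLdapRoles(array $userGroups, array $allGroups, array $cfg): array
{
    $first  = (string)($cfg['firstGroupDn'] ?? '');
    $second = (string)($cfg['secondGroupDn'] ?? '');
    $ref    = (string)($cfg['targetFeGroup'] ?? '');
    if ($first === '' || $second === '' || $ref === '') {
        return $userGroups; // any empty field: no-op, the default after install
    }
    // Exact, case-sensitive match against tx_igldapssoauth_dn.
    $dns = array_column($userGroups, 'tx_igldapssoauth_dn');
    if (!in_array($first, $dns, true) || !in_array($second, $dns, true)) {
        return $userGroups; // member of only one source group, or none
    }
    // Assumption: an unresolvable target changes nothing.
    $target = resolveTarget($ref, $allGroups);
    if ($target === null) {
        return $userGroups;
    }
    $kept = array_filter($userGroups, static fn(array $g): bool =>
        !in_array($g['tx_igldapssoauth_dn'] ?? '', [$first, $second], true)
        && (int)$g['uid'] !== (int)$target['uid']); // avoid a duplicate target
    return [...array_values($kept), $target];
}

// Constructed sample data.
$all = [
    ['uid' => 1, 'title' => 'staff', 'tx_igldapssoauth_dn' => 'cn=staff,ou=groups,dc=example,dc=org'],
    ['uid' => 2, 'title' => 'editors', 'tx_igldapssoauth_dn' => 'cn=editors,ou=groups,dc=example,dc=org'],
    ['uid' => 3, 'title' => 'staff-editors', 'tx_igldapssoauth_dn' => ''],
];
$cfg = ['firstGroupDn' => $all[0]['tx_igldapssoauth_dn'],
        'secondGroupDn' => $all[1]['tx_igldapssoauth_dn'], 'targetFeGroup' => '3'];
echo implode(',', array_column(mergeLdapRoles([$all[0], $all[1]], $all, $cfg), 'title')), "\n";
echo implode(',', array_column(mergeLdapRoles([$all[0]], $all, $cfg), 'title')), "\n";
```

Because the comparison is exact, a configured DN that differs from the stored tx_igldapssoauth_dn in case or spacing means the user keeps both source groups, so test the mapping with a real account after configuring it.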

License

GPL-2.0-or-later