Skip to content

LdapUser password property accessed before initialization #60652

@trobin91

Description

@trobin91

Symfony version(s) affected

7.3.0

Description

Since upgrading the Symfony framework from 7.2.6 to 7.3.0, I consistently have the following error using the symfony/ldap component when logging to my app:

Error:
Typed property Symfony\Component\Ldap\Security\LdapUser::$password must not be accessed before initialization

  at vendor/symfony/ldap/Security/LdapUser.php:50
  at Symfony\Component\Ldap\Security\LdapUser->getPassword()
     (vendor/symfony/ldap/Security/LdapUserProvider.php:106)
  at Symfony\Component\Ldap\Security\LdapUserProvider->refreshUser()
     (vendor/symfony/security-http/Firewall/ContextListener.php:212)
  at Symfony\Component\Security\Http\Firewall\ContextListener->refreshUser()
     (vendor/symfony/security-http/Firewall/ContextListener.php:129)
  at Symfony\Component\Security\Http\Firewall\ContextListener->authenticate()
     (vendor/symfony/security-bundle/Debug/WrappedLazyListener.php:46)
  at Symfony\Bundle\SecurityBundle\Debug\WrappedLazyListener->authenticate()
     (vendor/symfony/security-bundle/Security/LazyFirewallContext.php:61)
  at Symfony\Bundle\SecurityBundle\Security\LazyFirewallContext->__invoke()
     (vendor/symfony/security-bundle/Debug/TraceableFirewallListener.php:91)
  at Symfony\Bundle\SecurityBundle\Debug\TraceableFirewallListener->callListeners()
     (vendor/symfony/security-http/Firewall.php:92)
  at Symfony\Component\Security\Http\Firewall->onKernelRequest()
     (vendor/symfony/event-dispatcher/Debug/WrappedListener.php:115)
  at Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke()
     (vendor/symfony/event-dispatcher/EventDispatcher.php:206)
  at Symfony\Component\EventDispatcher\EventDispatcher->callListeners()
     (vendor/symfony/event-dispatcher/EventDispatcher.php:56)
  at Symfony\Component\EventDispatcher\EventDispatcher->dispatch()
     (vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php:126)
  at Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch()
     (vendor/symfony/http-kernel/HttpKernel.php:159)
  at Symfony\Component\HttpKernel\HttpKernel->handleRaw()
     (vendor/symfony/http-kernel/HttpKernel.php:76)
  at Symfony\Component\HttpKernel\HttpKernel->handle()
     (vendor/symfony/http-kernel/Kernel.php:182)
  at Symfony\Component\HttpKernel\Kernel->handle()
     (vendor/symfony/runtime/Runner/Symfony/HttpKernelRunner.php:35)
  at Symfony\Component\Runtime\Runner\Symfony\HttpKernelRunner->run()
     (vendor/autoload_runtime.php:29)
  at require_once('/var/www/html/vendor/autoload_runtime.php')
     (public/index.php:5)

How to reproduce

Here is my configuration that was previously working on 7.2.6, based on the official documentation:

config/services.yaml

services:
    ...
    Symfony\Component\Ldap\Ldap:
        arguments: ['@Symfony\Component\Ldap\Adapter\ExtLdap\Adapter']
        tags:
            - ldap
    Symfony\Component\Ldap\Adapter\ExtLdap\Adapter:
        arguments:
            - host: "%env(LDAP_HOST)%"
              port: 389
              encryption: none
              options:
                  protocol_version: 3
                  referrals: false

config/packages/security.yaml

security:
    ...
    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
    providers:
        ldap_provider:
            ldap:
                service: Symfony\Component\Ldap\Ldap
                base_dn: "%env(LDAP_BASE_DN)%"
                search_dn: "%env(LDAP_BIND_DN)%"
                search_password:  "%env(LDAP_BIND_PASSWORD)%"
                default_roles: ROLE_USER
                extra_fields: ['mail']
    firewalls:
        # activate different ways to authenticate
        # https://symfony.com/doc/current/security.html#the-firewall
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            lazy: true
            form_login_ldap:
                service: Symfony\Component\Ldap\Ldap
                provider: ldap_provider
                login_path: app_login
                check_path: app_login
                dn_string: "{user_identifier}@%env(LDAP_DOMAIN)%"
                enable_csrf: true
            logout:
                path: /logout
                target: app_login

Possible Solution

No response

Additional Context

No response

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions