Typed property Symfony\Component\Ldap\Security\LdapUser::$password must not be accessed before initialization #60635

Closed
fundo-moretti opened this issue Jun 2, 2025 · 3 comments

Comments

@fundo-moretti

Symfony version(s) affected

7.3.0

Description

Hi,

Since version 7.3.0, property Symfony\Component\Ldap\Security\LdapUser::$password is removed from serialization in method Symfony\Component\Ldap\Security\LdapUser::__serialize() causing an error when calling Symfony\Component\Ldap\Security\LdapUserProvider::refreshUser() after successful login.

Removing method Symfony\Component\Ldap\Security\LdapUser::__serialize() fixes this error.

Here is my security configuration:

# config/packages/security.yaml
security:
    providers:
        ldap_user_provider:
            ldap:
                service: Symfony\Component\Ldap\Ldap
                base_dn: '%env(LDAP_BASE_DN)%'
                search_dn: '%env(LDAP_SEARCH_DN)%'
                search_password: '%env(LDAP_SEARCH_PASSWORD)%'
                default_roles: ROLE_LDAP_USER
                uid_key: '%env(LDAP_UID_KEY)%'
                extra_fields: ['sn', 'givenName']
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            lazy: true
            form_login_ldap:
                login_path: app_login
                check_path: app_login
                service: Symfony\Component\Ldap\Ldap
                dn_string: '%env(LDAP_DN_STRING)%'
                search_dn: '%env(LDAP_SEARCH_DN)%'
                search_password: '%env(LDAP_SEARCH_PASSWORD)%'
                query_string: '%env(LDAP_QUERY_STRING)%'
                enable_csrf: true
            logout:
                path: app_logout

How to reproduce

Sign in using LDAP provider.

Possible Solution

Maybe setting $this->password to null in __serialize()?

Additional Context

No response
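
The failure mode reported above, reproduced as an added example that is not part of the original issue and not Symfony's code: a typed property left out of `__serialize()` stays uninitialized after `unserialize()` unless the restore path assigns it. The class names `SessionUser` and `SessionUserFixed` and the sample credential are constructed, and assigning `null` on restore is one possible remedy assumed here, not necessarily the change made in #60626.

```php
<?php
declare(strict_types=1);

// Constructed demo classes; hypothetical names, not Symfony's LdapUser.
class SessionUser
{
    protected ?string $password; // typed, no default: uninitialized until assigned

    public function __construct(protected string $username, ?string $password)
    {
        $this->password = $password;
    }

    public function getPassword(): ?string
    {
        return $this->password;
    }

    // Keep the credential out of the serialized (session) payload.
    public function __serialize(): array
    {
        return ['username' => $this->username];
    }

    // $password is never assigned here, so it stays uninitialized after restore.
    public function __unserialize(array $data): void
    {
        $this->username = $data['username'];
    }
}

class SessionUserFixed extends SessionUser
{
    public function __unserialize(array $data): void
    {
        parent::__unserialize($data);
        $this->password = null; // explicit "no credential" state after restore
    }
}

foreach ([SessionUser::class, SessionUserFixed::class] as $class) {
    $payload = serialize(new $class('jdoe', 'constructed-secret'));
    echo $class, ' payload holds secret: ', var_export(str_contains($payload, 'constructed-secret'), true), PHP_EOL;
    try {
        echo $class, ' restored password: ', var_export(unserialize($payload)->getPassword(), true), PHP_EOL;
    } catch (Error $e) {
        echo $class, ' error: ', $e->getMessage(), PHP_EOL;
    }
}
```

Both variants keep the credential out of the session payload; only the second leaves the restored object safe to read.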

@xabbuh
Member

xabbuh commented Jun 2, 2025

Fixed by #60626?

@fundo-moretti
Author

@xabbuh, yes!

@xabbuh
Member

xabbuh commented Jun 3, 2025

thanks for confirming
