Closed
Description
Symfony version(s) affected
7.3.0
Description
Hi,
Since version 7.3.0, property Symfony\Component\Ldap\Security\LdapUser::$password is removed from serialization in method Symfony\Component\Ldap\Security\LdapUser::__serialize() causing an error when calling Symfony\Component\Ldap\Security\LdapUserProvider::refreshUser() after sucessful login.
Removing method Symfony\Component\Ldap\Security\LdapUser::__serialize() fix this error.
Here is my security configuration:
# config/packages/security.yaml
security:
providers:
ldap_user_provider:
ldap:
service: Symfony\Component\Ldap\Ldap
base_dn: '%env(LDAP_BASE_DN)%'
search_dn: '%env(LDAP_SEARCH_DN)%'
search_password: '%env(LDAP_SEARCH_PASSWORD)%'
default_roles: ROLE_LDAP_USER
uid_key: '%env(LDAP_UID_KEY)%'
extra_fields: ['sn', 'givenName']
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
lazy: true
form_login_ldap:
login_path: app_login
check_path: app_login
service: Symfony\Component\Ldap\Ldap
dn_string: '%env(LDAP_DN_STRING)%'
search_dn: '%env(LDAP_SEARCH_DN)%'
search_password: '%env(LDAP_SEARCH_PASSWORD)%'
query_string: '%env(LDAP_QUERY_STRING)%'
enable_csrf: true
logout:
path: app_logout
How to reproduce
Sign in using LDAP provider.
Possible Solution
Maybe setting $this->password to null in __serialize()?
Additional Context
No response