From e51b502d7468f98095fb309e730e13e5354dad7e Mon Sep 17 00:00:00 2001
From: Michael Hirschler <michael.vhirsch@gmail.com>
Date: Wed, 1 Feb 2023 14:22:13 +0100
Subject: [PATCH] fixes retrieving multiple values for extra fields

---
 .../Ldap/Security/LdapUserProvider.php        |  3 ++
 .../Tests/Security/LdapUserProviderTest.php   | 46 +++++++++++++++++++
 2 files changed, 49 insertions(+)

diff --git a/src/Symfony/Component/Ldap/Security/LdapUserProvider.php b/src/Symfony/Component/Ldap/Security/LdapUserProvider.php
index bbb9731c389cc..79ee17daef376 100644
--- a/src/Symfony/Component/Ldap/Security/LdapUserProvider.php
+++ b/src/Symfony/Component/Ldap/Security/LdapUserProvider.php
@@ -187,6 +187,9 @@ private function getAttributeValue(Entry $entry, string $attribute)
         }
 
         $values = $entry->getAttribute($attribute);
+        if (!\in_array($attribute, [$this->uidKey, $this->passwordAttribute])) {
+            return $values;
+        }
 
         if (1 !== \count($values)) {
             throw new InvalidArgumentException(sprintf('Attribute "%s" has multiple values.', $attribute));
diff --git a/src/Symfony/Component/Ldap/Tests/Security/LdapUserProviderTest.php b/src/Symfony/Component/Ldap/Tests/Security/LdapUserProviderTest.php
index 32f6d60d5df3b..5327540b86e95 100644
--- a/src/Symfony/Component/Ldap/Tests/Security/LdapUserProviderTest.php
+++ b/src/Symfony/Component/Ldap/Tests/Security/LdapUserProviderTest.php
@@ -333,6 +333,52 @@ public function testLoadUserByUsernameIsSuccessfulWithPasswordAttribute()
         $this->assertInstanceOf(LdapUser::class, $provider->loadUserByIdentifier('foo'));
     }
 
+    public function testLoadUserByIdentifierIsSuccessfulWithMultipleExtraAttributes()
+    {
+        $result = $this->createMock(CollectionInterface::class);
+        $query = $this->createMock(QueryInterface::class);
+        $query
+            ->expects($this->once())
+            ->method('execute')
+            ->willReturn($result)
+        ;
+        $ldap = $this->createMock(LdapInterface::class);
+        $memberOf = [
+            'cn=foo,ou=MyBusiness,dc=symfony,dc=com',
+            'cn=bar,ou=MyBusiness,dc=symfony,dc=com',
+        ];
+        $result
+            ->expects($this->once())
+            ->method('offsetGet')
+            ->with(0)
+            ->willReturn(new Entry('foo', [
+                'sAMAccountName' => ['foo'],
+                'userpassword' => ['bar'],
+                'memberOf' => $memberOf,
+            ]))
+        ;
+        $result
+            ->expects($this->once())
+            ->method('count')
+            ->willReturn(1)
+        ;
+        $ldap
+            ->expects($this->once())
+            ->method('escape')
+            ->willReturn('foo')
+        ;
+        $ldap
+            ->expects($this->once())
+            ->method('query')
+            ->willReturn($query)
+        ;
+
+        $provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={user_identifier})', 'userpassword', ['memberOf']);
+        $user = $provider->loadUserByIdentifier('foo');
+        $this->assertInstanceOf(LdapUser::class, $user);
+        $this->assertSame(['memberOf' => $memberOf], $user->getExtraFields());
+    }
+
     public function testRefreshUserShouldReturnUserWithSameProperties()
     {
         $ldap = $this->createMock(LdapInterface::class);