Symfony2 ACL - can't set multiple user sources on a single provider

Why don't you chain providers? The documentation that you're referring states that you can use multiple user providers "...by creating a new provider that chains the two together".

http://symfony.com/doc/current/book/security.html#using-multiple-user-providers

Each authentication mechanism (e.g. HTTP Authentication, form login, etc) uses exactly one user provider, and will use the first declared user provider by default. But what if you want to specify a few users via configuration and the rest of your users in the database? This is possible by creating a new provider that chains the two together.

Now, all authentication mechanisms will use the chain_provider, since it's the first specified. The chain_provider will, in turn, try to load the user from both the in_memory and user_db providers.

All you have to do is to setup a chain provider.

# app/config/security.ymlsecurity:    providers:        main_provider:            chain:                providers: [memory_provider, entity_provider]        memory_provider:            memory:                users:                    foo: { password: test }        entity_provider:            entity:                class: Company\EntitiesBundle\Entity\User                property: username

Which Symfony version are you using? If 2.0, in 2.0 documentation the configuration is slightly different:

# app/config/security.ymlsecurity:    providers:        main_provider:            users:                foo: { password: test }            entity: { class: Acme\UserBundle\Entity\User, property: username }

Notice the memory key missing.