diff --git a/internal/middleware/context_middleware.go b/internal/middleware/context_middleware.go
index f0863c9c..a75582a7 100644
--- a/internal/middleware/context_middleware.go
+++ b/internal/middleware/context_middleware.go
@@ -251,6 +251,10 @@ func (m *ContextMiddleware) basicAuth(username string, password string) (*model.
 case model.UserLocal:
 user := m.auth.GetLocalUser(username)
+ if user == nil {
+ return nil, nil, fmt.Errorf("user not found locally: %s", username)
+ }
+
 if user.TOTPSecret != "" {
 return nil, nil, fmt.Errorf("user with totp not allowed to login via basic auth: %s", username)
 }
diff --git a/internal/service/access_controls_rules.go b/internal/service/access_controls_rules.go
index 3e357e60..3fc6d51b 100644
--- a/internal/service/access_controls_rules.go
+++ b/internal/service/access_controls_rules.go
@@ -114,7 +114,7 @@ type LDAPGroupRule struct {
 }
 func (rule *LDAPGroupRule) Evaluate(ctx *ACLContext) Effect {
- if ctx == nil || ctx.UserContext == nil {
+ if ctx == nil || ctx.UserContext == nil || ctx.ACLs == nil {
 return EffectAbstain
 }
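Review bot: The new `user == nil` branch in basicAuth returns before any password comparison and with a message distinct from the TOTP error below it, so if this error text or the response timing reaches the client it tells existing local accounts apart from unknown ones. I would keep the detailed error for the server log only and confirm that the caller maps every basicAuth failure to the same generic 401 response. The username is also request-supplied and formatted with `%s`; `fmt.Errorf("user not found locally: %q", username)` keeps control characters out of the log line, and the TOTP message has the same issue. The rest of basicAuth lies outside this hunk, so how the error is surfaced has to be checked there.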
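Review bot: Returning `EffectAbstain` when `ctx.ACLs` is nil makes this rule silently drop out whenever the ACL data is missing, which is only safe if the evaluator denies when every rule abstains; that combining logic is not visible in this hunk. If an LDAPGroupRule can carry a deny effect, a nil `ACLs` would mean the deny is not applied. I would document the guard, e.g. `// Abstain when ACL data is missing; the evaluator must default to deny when all rules abstain.`, and check whether the other rule types in this file need the same nil guard. The body of Evaluate continues past the end of the hunk.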