You can't have both custom_authenticator and form_login_ldap active on the same firewall simultaneously. Symfony only uses one authenticator per request.
So write a single custom authenticator that first tries the LDAP logic and, if that fails, falls back to your custom logic (or vice versa).
Symfony’s new security system is designed for this: chain your logic inside the authenticator instead of in security.yaml.
Example:
Inside your custom authenticator, inject both the LDAP service and your local user service.
Try the LDAP bind first; if that fails, try local.
This way, you control the flow and only register one authenticator in the firewall.
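A sketch of such an authenticator, added here as an illustration and not part of the original answer: it tries an LDAP bind and falls back to the locally stored password hash. The class name, the DN pattern, the `/login` route and the `_username`/`_password` form fields are assumptions, as is the premise that every account can be loaded by the firewall's user provider; it needs PHP 8 and `symfony/ldap`.

```php
<?php
namespace App\Security;
use Symfony\Component\HttpFoundation\{JsonResponse, Request, Response};
use Symfony\Component\Ldap\{LdapInterface, Exception\ConnectionException};
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\{AuthenticationException, BadCredentialsException};
use Symfony\Component\Security\Core\User\{PasswordAuthenticatedUserInterface, UserInterface};
use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
use Symfony\Component\Security\Http\Authenticator\Passport\{Passport, Badge\UserBadge, Credentials\CustomCredentials};

final class LdapThenLocalAuthenticator extends AbstractAuthenticator
{
    private const DN_PATTERN = 'uid=%s,ou=people,dc=example,dc=org'; // assumed directory layout

    public function __construct(private LdapInterface $ldap, private UserPasswordHasherInterface $hasher) {}

    public function supports(Request $request): ?bool
    {
        return $request->isMethod('POST') && $request->getPathInfo() === '/login'; // assumed route
    }

    public function authenticate(Request $request): Passport
    {
        $username = (string) $request->request->get('_username', '');
        $password = (string) $request->request->get('_password', '');
        if ($username === '' || $password === '') {
            // An empty password can make an LDAP server treat the bind as anonymous and accept it.
            throw new BadCredentialsException('Missing credentials.');
        }
        // UserBadge loads the account through the firewall's user provider; the checker runs afterwards.
        $checker = fn (string $pw, UserInterface $user): bool => $this->check($user, $pw);
        return new Passport(new UserBadge($username), new CustomCredentials($checker, $password));
    }

    private function check(UserInterface $user, string $password): bool
    {
        try {
            // Escape the identifier so it cannot alter the structure of the DN.
            $uid = $this->ldap->escape($user->getUserIdentifier(), '', LdapInterface::ESCAPE_DN);
            $this->ldap->bind(sprintf(self::DN_PATTERN, $uid), $password);
            return true;
        } catch (ConnectionException) { // wrong password or directory unreachable: fall back to local
            return $user instanceof PasswordAuthenticatedUserInterface
                && $this->hasher->isPasswordValid($user, $password);
        }
    }
    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response { return null; }
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response { return new JsonResponse(['error' => 'Invalid credentials.'], Response::HTTP_UNAUTHORIZED); }
}
```

With this fallback order, an account that is disabled or removed in LDAP can still sign in if it keeps a valid local password hash, so local hashes should exist only for accounts meant to be local.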