Bug #100333 LDAP plugin error message confusing
Submitted: 27 Jul 13:57 Modified: 28 Jul 14:01
Reporter: Oli Sennhauser Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Pluggable Authentication Severity:S3 (Non-critical)
Version:8.0.21 OS:Linux (n.a.)
Assigned to: CPU Architecture:x86 (n.a.)

[27 Jul 13:57] Oli Sennhauser
Description:
LDAP error: "Operations error" is bad error message. This is not an error on LDAP server but an authentication problem as the first part of the message states: "Search user group has failed" and "LDAP authentication failed or group retrieval failed".

[Note] [MY-013353] [Server] Plugin authentication_ldap_simple reported: 'Parsing mapping info, LDAP group: App1_DEV_Read MySQL proxy: App1_DEV_Read'
[Note] [MY-013351] [Server] Plugin authentication_ldap_simple reported: 'Getting next mapping information'
[ERROR] [MY-013354] [Server] Plugin authentication_ldap_simple reported: 'Mapping parsing error'
[Note] [MY-011799] [Server] Plugin authentication_ldap_simple reported: 'Search user group has failed:  LDAP error: Operations error'
[ERROR] [MY-011798] [Server] Plugin authentication_ldap_simple reported: 'LDAP authentication failed or group retrieval failed:  LDAP error: Operations error'
[Note] [MY-011783] [Server] Plugin authentication_ldap_simple reported: 'Ldap_connection_pool::put connection in pushed in the pool'
[Note] [MY-011779] [Server] Plugin authentication_ldap_simple reported: 'Ldap_authentication::de_initialize putting back connection in the pool'
[Note] [MY-010926] [Server] Access denied for user 'App2_Dev_Admin_User1'@'localhost' (using password: YES)

How to repeat:
Connect with a user without a group mapping.

Suggested fix:
Possibly switching both parts would help to reduce confusion:

Plugin authentication_ldap_simple reported: 'LDAP error: Operations error: Search user group has failed'
Plugin authentication_ldap_simple reported: 'LDAP error: Operations error: LDAP authentication failed or group retrieval failed'
[28 Jul 14:01] MySQL Verification Team
Hello Oli Sennhauser,

Thank you for report and feedback.
Verifying based on my discussion with Developer(Yashwant Sahu).

regards,
Umesh