Bug #119500 MySql.Data 8.4.0 Fails with "Access denied" during mysql_clear_password (LDAP) handshake, while MySQL CLI succeeds.
Submitted: 3 Dec 15:23
Reporter: Yanfei Wu Email Updates:
Status: Open Impact on me:
None 
Category:Connector / NET Severity:S2 (Serious)
Version:8.4 OS:Any
Assigned to: CPU Architecture:Any
Tags: LDAP

[3 Dec 15:23] Yanfei Wu 
Description:
I am attempting to connect to a MySQL 8.0 Server configured with LDAP authentication (using the mysql_clear_password plugin) over SSL, utilizing the official Oracle MySql.Data Connector/NET (version 8.4.0).

The connection works successfully using the standard MySQL Command Line Interface (CLI) by explicitly enabling the cleartext-plugin. However, when attempting to connect using the .NET application code, the connection fails during the authentication handshake with an "Access denied" exception. This suggests an issue with the driver's implementation or handling of the mysql_clear_password plugin exchange.

How to repeat:
1. Successful Scenario (MySQL CLI): The database connection succeeds using the following command, confirming that the credentials and server configuration (LDAP/SSL) are correct.

Connection Command:

mysql -u user -p ****** -h ip --enable-cleartext-plugin --ssl-mode=REQUIRED
Result: Connection Successful.

2. Failed Scenario (.NET MySql.Data): The connection fails during the authentication handshake when using the C# connector.

C# Connection String Example:

Server=******;Port=******;Database=******;uid=******;password=******;SslMode=Required; 

Exception Message:

exception message: Authentication to host '******' for user '******' using method 'mysql_clear_password' failed with message: Access denied for user '******'@'******' (using password: YES)
Analysis: The failure occurs when the driver tries to handle the server's request for the mysql_clear_password authentication method.