LDAPS Search does not work for two hosts in special domain

Since the migration to a new firmware and CheckMK version we got two hosts where we’re not able to make the LDAPS Search check work. - The issue is similar to what is mentioned here →

We already removed the corresponding CA and added it once again, but that didn’t help in any way.

The LDAPS Port (636) is open - telnet to the port works.

Also LDAPS Checks work for other hosts that belong to another domain, with another CA.

It’s really strange that it stopped working when we moved to firmware 1.5.4 with CheckMK 2.0p29.

Is the SSL implementation of the LDAP server too old or configured to only use older ciphers?
A new firmware brings a new libssl to the appliance which may not want to connect to older TLS versions.

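To separate the two hypotheses raised in this thread (protocol or cipher mismatch versus CA trust), here is an added diagnostic sketch; it is not part of the original posts and not Checkmk code. The function names and the host, port and CA file you pass in are assumptions.

```python
import socket
import ssl

# TLS versions to probe, oldest first.
VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]

def probe_version(host, port, version, timeout=5.0):
    """Try one handshake pinned to a single TLS version.

    Certificate checks are disabled on purpose so a trust problem cannot
    mask a protocol or cipher problem. Returns (ok, detail), where detail
    is the negotiated cipher name or the error text.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
    except (ValueError, ssl.SSLError) as exc:
        return False, f"local libssl refuses this version: {exc}"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.cipher()[0]
    except (ssl.SSLError, OSError) as exc:
        return False, f"{type(exc).__name__}: {exc}"

def probe_trust(host, port, cafile=None, timeout=5.0):
    """Handshake with default settings and full certificate verification."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate rejected: {exc.verify_message}"
    except (ssl.SSLError, OSError) as exc:
        return False, f"{type(exc).__name__}: {exc}"

def report(host, port=636, cafile=None):
    """Return {label: (ok, detail)} per TLS version plus the trust check."""
    results = {v.name: probe_version(host, port, v) for v in VERSIONS}
    results["verified"] = probe_trust(host, port, cafile)
    return results
```

Run it from the monitoring host so the result reflects that host's libssl. If every unverified probe fails, the problem is in protocol or cipher negotiation; if they succeed and only `verified` fails, look at the CA chain or hostname.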

That is a good hint. Thx for it. Is it possible to enable the support of older versions again on the CheckMK VirtAppliance?

We’ve found the issue, I suggest - the Admins of the LDAP machine found that they do not support sha256 yet and that possibly is the issue - they are going to fix it soon. Hopefully that will bring ‘up’ the LDAPS Search check.

Unfortunately the missing SHA256 support wasn’t the cause. The LDAP Admins fixed that, but the error of the check is still the same. - Any other ideas, hints?

Just for testing I configured an LDAP rule for LDAP connection with the same settings, and that also fails. I don’t have any further clues. - Will create a ticket now.