https://community.dynatrace.com/t5/Extensions/LDAP-Synthetic-connectivity/m-p/294135#M7032 <P><STRONG>Good morning,</STRONG></P><P>We are experiencing issues getting the <STRONG>LDAP Synthetic extension</STRONG> to work in Dynatrace. The extension is fully configured, but it always returns an SSL handshake error, as shown in the following <STRONG>ActiveGate log entry</STRONG>:</P><P><FONT size="1 2 3 4 5 6 7">[912d4363-e154-343e-ade5-629f15259bb5][-5664247153095800450][3658611][err]</FONT></P><P><FONT size="1 2 3 4 5 6 7">2026-02-03 17:04:15,006 [ERROR] (ThreadPoolExecutor-0_0):</FONT></P><P><FONT size="1 2 3 4 5 6 7">DEC:127 Unknown error. Failed to connect to LDAP Server on</FONT></P><P><FONT size="1 2 3 4 5 6 7">ldaps:// XXXXXX.servidores.net:636 - ssl :</FONT></P><P><FONT size="1 2 3 4 5 6 7">("('socket ssl wrapping error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE]</FONT></P><P><FONT size="1 2 3 4 5 6 7">ssl/tls alert handshake failure (_ssl.c:1017)',)",)</FONT></P><P>Initially, this pointed to a potential <STRONG>connectivity issue between the ActiveGate and the LDAP server</STRONG>. However, we have verified that <STRONG>network connectivity from ActiveGate is correct</STRONG>, by using the command: <FONT size="1 2 3 4 5 6 7">openssl s_client -connect XXXXXX.servidores.net:636</FONT><BR />We have also verified <STRONG>TLS 1.2 negotiation and the server certificate</STRONG>, confirming that:</P><UL><LI>The certificate includes valid <STRONG>SAN entries</STRONG></LI><LI>The cipher suite is compatible</LI><LI>TLS 1.2 is correctly negotiated</LI></UL><P>After ruling out connectivity and TLS configuration issues, we used <STRONG>ldapsearch from the ActiveGate host</STRONG> to validate the LDAP parameters used in the extension and to confirm that the LDAP connection itself works correctly.</P><P>The bind operation succeeds (correct user and password), and the LDAP server returns the expected <STRONG>namingContexts</STRONG>.</P><P>We then executed <STRONG>the exact same LDAP query from the ActiveGate</STRONG> using ldapsearch, matching <STRONG>all parameters configured in the LDAP Synthetic extension</STRONG> (Bind DN, Base DN,pass, filter, LDAPS, port 636).<BR />This test returns data successfully.</P><P><STRONG><U>Summary</U></STRONG></P><P>From the <STRONG>ActiveGate host</STRONG>, we can confirm:</P><UL><LI>TLS 1.2 works correctly</LI><LI>The LDAP certificate is valid and trusted</LI><LI>Bind DN and Base DN are correct</LI><LI>LDAP searches return results</LI><LI>No SSL/TLS handshake errors occur</LI></UL><P>From the <STRONG>LDAP Synthetic extension</STRONG>:</P><UL><LI>The configuration is exactly the same</LI><LI>The connection fails with SSLV3_ALERT_HANDSHAKE_FAILURE</LI><LI>The error originates from Python SSL (_ssl.c:1017), according to the log</LI></UL><P>Despite using the same configuration, the extension consistently fails to connect to LDAP, which leads us to believe that the issue is related to <STRONG>how the LDAP Synthetic extension establishes the SSL/TLS connection</STRONG>. It’s possible that the extension’s Python runtime is using <STRONG>different SSL libraries or SSL handling logic than the one used by ldapsearch</STRONG> on the ActiveGate host.</P><P><STRONG>Has anyone encountered a similar issue with the LDAP Synthetic extension, or can you provide guidance on how SSL/TLS is handled internally by this extension?</STRONG></P><P>I’m not really sure how python manage this connections. The problem seems to be due a TLS/SSL compatibility problem in the extension (python), maybe pyOpenSSL is not installed or something like that…</P><P>Best regards,<BR /><STRONG>Rob Doce</STRONG><BR /><BR /></P> Wed, 04 Feb 2026 11:29:33 GMT Rob_Doce 2026-02-04T11:29:33Z https://community.dynatrace.com/t5/Extensions/LDAP-Synthetic-connectivity/m-p/294135#M7032 <P><STRONG>Good morning,</STRONG></P><P>We are experiencing issues getting the <STRONG>LDAP Synthetic extension</STRONG> to work in Dynatrace. The extension is fully configured, but it always returns an SSL handshake error, as shown in the following <STRONG>ActiveGate log entry</STRONG>:</P><P><FONT size="1 2 3 4 5 6 7">[912d4363-e154-343e-ade5-629f15259bb5][-5664247153095800450][3658611][err]</FONT></P><P><FONT size="1 2 3 4 5 6 7">2026-02-03 17:04:15,006 [ERROR] (ThreadPoolExecutor-0_0):</FONT></P><P><FONT size="1 2 3 4 5 6 7">DEC:127 Unknown error. Failed to connect to LDAP Server on</FONT></P><P><FONT size="1 2 3 4 5 6 7">ldaps:// XXXXXX.servidores.net:636 - ssl :</FONT></P><P><FONT size="1 2 3 4 5 6 7">("('socket ssl wrapping error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE]</FONT></P><P><FONT size="1 2 3 4 5 6 7">ssl/tls alert handshake failure (_ssl.c:1017)',)",)</FONT></P><P>Initially, this pointed to a potential <STRONG>connectivity issue between the ActiveGate and the LDAP server</STRONG>. However, we have verified that <STRONG>network connectivity from ActiveGate is correct</STRONG>, by using the command: <FONT size="1 2 3 4 5 6 7">openssl s_client -connect XXXXXX.servidores.net:636</FONT><BR />We have also verified <STRONG>TLS 1.2 negotiation and the server certificate</STRONG>, confirming that:</P><UL><LI>The certificate includes valid <STRONG>SAN entries</STRONG></LI><LI>The cipher suite is compatible</LI><LI>TLS 1.2 is correctly negotiated</LI></UL><P>After ruling out connectivity and TLS configuration issues, we used <STRONG>ldapsearch from the ActiveGate host</STRONG> to validate the LDAP parameters used in the extension and to confirm that the LDAP connection itself works correctly.</P><P>The bind operation succeeds (correct user and password), and the LDAP server returns the expected <STRONG>namingContexts</STRONG>.</P><P>We then executed <STRONG>the exact same LDAP query from the ActiveGate</STRONG> using ldapsearch, matching <STRONG>all parameters configured in the LDAP Synthetic extension</STRONG> (Bind DN, Base DN,pass, filter, LDAPS, port 636).<BR />This test returns data successfully.</P><P><STRONG><U>Summary</U></STRONG></P><P>From the <STRONG>ActiveGate host</STRONG>, we can confirm:</P><UL><LI>TLS 1.2 works correctly</LI><LI>The LDAP certificate is valid and trusted</LI><LI>Bind DN and Base DN are correct</LI><LI>LDAP searches return results</LI><LI>No SSL/TLS handshake errors occur</LI></UL><P>From the <STRONG>LDAP Synthetic extension</STRONG>:</P><UL><LI>The configuration is exactly the same</LI><LI>The connection fails with SSLV3_ALERT_HANDSHAKE_FAILURE</LI><LI>The error originates from Python SSL (_ssl.c:1017), according to the log</LI></UL><P>Despite using the same configuration, the extension consistently fails to connect to LDAP, which leads us to believe that the issue is related to <STRONG>how the LDAP Synthetic extension establishes the SSL/TLS connection</STRONG>. It’s possible that the extension’s Python runtime is using <STRONG>different SSL libraries or SSL handling logic than the one used by ldapsearch</STRONG> on the ActiveGate host.</P><P><STRONG>Has anyone encountered a similar issue with the LDAP Synthetic extension, or can you provide guidance on how SSL/TLS is handled internally by this extension?</STRONG></P><P>I’m not really sure how python manage this connections. The problem seems to be due a TLS/SSL compatibility problem in the extension (python), maybe pyOpenSSL is not installed or something like that…</P><P>Best regards,<BR /><STRONG>Rob Doce</STRONG><BR /><BR /></P> Wed, 04 Feb 2026 11:29:33 GMT https://community.dynatrace.com/t5/Extensions/LDAP-Synthetic-connectivity/m-p/294135#M7032 Rob_Doce 2026-02-04T11:29:33Z