It appears that the latest change to LDAP SSL pooling mechanism (disabling custom socket) has created issues with authenticating users. The change was for the good cause (improving security and performance). So if possible, it should be retained. But maybe there could be an option in Admin Console to turn off strict certificate checking. Also maybe this change should be reverted until such option is introduced.