Solutions
ForgeRock Identity Platform
Does not apply to Identity Cloud

Unable to load schema for plug-in error when configuring an LDAP server as a data store in AM (All versions)

Last updated Apr 13, 2021

The purpose of this article is to provide assistance if you are trying to configure an LDAP server as a data store in the AM console and it fails to connect with a schema error: "Unable to load schema for plug-in"; this happens when the Load schema option is selected. You may encounter this error with any of the data stores, such as DS, Active Directory® or Tivoli.


1 reader recommends this article

Symptoms

You will see an error in the AM console when trying to save the configuration settings for a data store if Load Schema is enabled (Load Schema when saved option is selected in pre-AM 6) . The exact error will vary according to which data store you are configuring, for example:

  • DS: Unable to load schema for plug-in OpenDj Directory Server for realm /. Connect Error: No operational connection factories available
  • Active Directory: Unable to load schema for plug-in Active Directory for realm /. Connect Error: No operational connection factories available
  • Tivoli: Unable to load schema for plug-in Tivoli for realm /. Connect Error: No operational connection factories available
Note

The description after Connect Error: may vary depending on which version of AM you are using and which details are incorrect; however, the "No operational connection factories available" description is the most common. Additionally, you may not see an error in the console if you have multiple servers and at least one of them is correct.

An error similar to the following is shown in the IdRepo log when this happens:

ERROR: An error occurred while trying to initiate persistent search connection org.forgerock.openam.sm.datalayer.api.LdapOperationFailedException: CTS: Operation failed: Result Code: Connect Error Diagnostic Message: No operational connection factories available Matched DN: at org.forgerock.openam.sm.datalayer.providers.LdapConnectionFactoryProvider$LdapConnectionFactory.create(LdapConnectionFactoryProvider.java:169) at org.forgerock.openam.sm.datalayer.providers.LdapConnectionFactoryProvider$LdapConnectionFactory.create(LdapConnectionFactoryProvider.java:137) at com.iplanet.services.ldap.event.LDAPv3PersistentSearch.startQuery(LDAPv3PersistentSearch.java:168) at org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo.addListener(DJLDAPv3Repo.java:2088) at com.sun.identity.idm.server.IdRepoPluginsCache.constructIdRepoPlugin(IdRepoPluginsCache.java:489) at com.sun.identity.idm.server.IdRepoPluginsCache.addIdRepo(IdRepoPluginsCache.java:355) at com.sun.identity.idm.server.IdRepoPluginsCache.removeIdRepo(IdRepoPluginsCache.java:268) at com.sun.identity.idm.server.IdRepoPluginsCache.organizationConfigChanged(IdRepoPluginsCache.java:648) at com.sun.identity.sm.ServiceConfigManagerImpl.notifyOrgConfigChange(ServiceConfigManagerImpl.java:505) at com.sun.identity.sm.ServiceConfigManagerImpl.objectChanged(ServiceConfigManagerImpl.java:465) at com.sun.identity.sm.SMSNotificationManager.sendNotifications(SMSNotificationManager.java:294) at com.sun.identity.sm.SMSNotificationManager$LocalChangeNotifcationTask.run(SMSNotificationManager.java:370) at org.forgerock.openam.audit.context.AuditRequestContextPropagatingRunnable.run(AuditRequestContextPropagatingRunnable.java:34) at com.iplanet.am.util.ThreadPool$WorkerThread.run(ThreadPool.java:314) Caused by: org.forgerock.opendj.ldap.ConnectionException: Connect Error: Connection refused

Recent Changes

Configured a new external data store.

Changed the credentials for an existing data store.

Made network changes.

Causes

AM cannot communicate with, or connect to the LDAP server.

Solution

This issue can be resolved as follows:

  • Ensure you have the correct server credentials.
  • Ensure the LDAP server name is correct.
  • Ensure all the communications ports between AM and LDAP server are open.
  • Review firewall communications between AM and LDAP server.

See Also

AM 5.x or 6.x fails to connect to the user data store when anonymous access is disabled in DS

Data stores in AM

​​​​​​​Setup Guide › Identity Stores

Related Training

N/A

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.