
Unable to load schema for plug-in error when configuring an LDAP server as a data store in AM/OpenAM (All versions)

Last updated Jul 9, 2018

This article helps when configuring an LDAP server as a data store in the AM/OpenAM console fails to connect with the schema error "Unable to load schema for plug-in". The error occurs when the Load schema option is selected. You may encounter it with any of the data stores, such as DS/OpenDJ, Active Directory® or Tivoli.



Symptoms

You will see an error in the AM/OpenAM console when trying to save the configuration settings for a data store if Load Schema is enabled (the Load Schema when saved option is selected in pre-AM 6). The exact error varies according to which data store you are configuring, for example:

  • DS/OpenDJ:
    Unable to load schema for plug-in OpenDj Directory Server for realm /. Connect Error: No operational connection factories available
    
  • Active Directory:
    Unable to load schema for plug-in Active Directory for realm /. Connect Error: No operational connection factories available
    
  • Tivoli:
    Unable to load schema for plug-in Tivoli for realm /. Connect Error: No operational connection factories available
    
Note

The description after Connect Error: may vary depending on which version of AM/OpenAM you are using and which details are incorrect; however, the "No operational connection factories available" description is the most common. Additionally, you may not see an error in the console if you have multiple servers and at least one of them is correct.

An error similar to the following is shown in the IdRepo log when this happens:

ERROR: An error occurred while trying to initiate persistent search connection
org.forgerock.openam.sm.datalayer.api.LdapOperationFailedException: 
CTS: Operation failed:
Result Code: Connect Error
Diagnostic Message: No operational connection factories available
Matched DN: 
   at org.forgerock.openam.sm.datalayer.providers.LdapConnectionFactoryProvider$LdapConnectionFactory.create(LdapConnectionFactoryProvider.java:169)
   at org.forgerock.openam.sm.datalayer.providers.LdapConnectionFactoryProvider$LdapConnectionFactory.create(LdapConnectionFactoryProvider.java:137)
   at com.iplanet.services.ldap.event.LDAPv3PersistentSearch.startQuery(LDAPv3PersistentSearch.java:168)
   at org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo.addListener(DJLDAPv3Repo.java:2088)
   at com.sun.identity.idm.server.IdRepoPluginsCache.constructIdRepoPlugin(IdRepoPluginsCache.java:489)
   at com.sun.identity.idm.server.IdRepoPluginsCache.addIdRepo(IdRepoPluginsCache.java:355)
   at com.sun.identity.idm.server.IdRepoPluginsCache.removeIdRepo(IdRepoPluginsCache.java:268)
   at com.sun.identity.idm.server.IdRepoPluginsCache.organizationConfigChanged(IdRepoPluginsCache.java:648)
   at com.sun.identity.sm.ServiceConfigManagerImpl.notifyOrgConfigChange(ServiceConfigManagerImpl.java:505)
   at com.sun.identity.sm.ServiceConfigManagerImpl.objectChanged(ServiceConfigManagerImpl.java:465)
   at com.sun.identity.sm.SMSNotificationManager.sendNotifications(SMSNotificationManager.java:294)
   at com.sun.identity.sm.SMSNotificationManager$LocalChangeNotifcationTask.run(SMSNotificationManager.java:370)
   at org.forgerock.openam.audit.context.AuditRequestContextPropagatingRunnable.run(AuditRequestContextPropagatingRunnable.java:34)
   at com.iplanet.am.util.ThreadPool$WorkerThread.run(ThreadPool.java:314)
Caused by: org.forgerock.opendj.ldap.ConnectionException: Connect Error: Connection refused

Recent Changes

Configured a new external data store.

Changed the credentials for an existing data store.

Made network changes.

Causes

AM/OpenAM cannot communicate with, or connect to, the LDAP server.

Solution

This issue can be resolved as follows:

  • Ensure you have the correct server credentials.
  • Ensure the LDAP server name is correct.
  • Ensure all the communications ports between AM/OpenAM and the LDAP server are open.
  • Review firewall communications between AM/OpenAM and the LDAP server.
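
The server name, port and firewall checks above can be run per server from the AM/OpenAM host, which matters because the console may show no error when several servers are configured and only one is wrong. The following Python script is an added example, not ForgeRock code; the host names and port 1636 are placeholder assumptions, and it tests TCP reachability only, not the bind credentials.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify TCP reachability of one LDAP server; returns (status, hint)."""
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "name-unresolved", f"check the LDAP server name ({exc})"
    result = ("unreachable", "no address could be tried")
    for family, socktype, proto, _, sockaddr in addrs:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
            return "open", "TCP connect succeeded; check credentials next"
        except ConnectionRefusedError:
            # Host answered with a reset: wrong port, directory not running,
            # or a firewall that actively rejects the connection.
            result = ("refused", "nothing is accepting connections on this port")
        except socket.timeout:
            # Silence usually means a firewall is dropping the packets.
            result = ("timeout", "no reply; review firewall communications")
        except OSError as exc:
            result = ("unreachable", str(exc))
    return result

def check_servers(servers, timeout=3.0):
    """Probe every configured 'host:port' entry, not just the first."""
    report = {}
    for entry in servers:
        host, _, port = entry.rpartition(":")
        report[entry] = probe(host, int(port), timeout)
    return report

if __name__ == "__main__":
    # Placeholder entries (assumptions); use the data store's server list.
    configured = ["ds1.example.com:1636", "ds2.example.com:1636"]
    for entry, (status, hint) in check_servers(configured).items():
        print(f"{entry:30} {status:16} {hint}")
```

A "refused" result corresponds to the "Connect Error: Connection refused" cause shown in the IdRepo log above.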

See Also

AM/OpenAM (All versions) fails to connect to the user data store when anonymous access is disabled in DS/OpenDJ

Data stores in AM/OpenAM

Setup and Maintenance Guide › Introducing Identity Data Stores

Related Training

N/A

Related Issue Tracker IDs

N/A



Copyright © 2018 ForgeRock, all rights reserved.