OpenAM 11.0.0 fails to connect to LDAP server when it is restarted

Last updated Jan 5, 2021

The purpose of this article is to provide assistance if the LDAP authentication connection does not recover correctly when the LDAP server is restarted. This issue occurs even when a load balancer is in use and failover is operating correctly.

Archived

This article has been archived and is no longer maintained by ForgeRock.

Symptoms

OpenAM server fails to connect to the LDAP server when it is restarted.

An error similar to the following is shown in the Authentication debug log (when debug level is set to Message):

DJLDAPv3Repo:06/16/2014 09:38:55:605 AM UTC: Thread[http-bio-8080-exec-402,5,main]
ERROR: Unexpected error occurred during search
org.forgerock.opendj.ldap.ConnectionException: Connect Error: No operational connection factories available
    at org.forgerock.opendj.ldap.ErrorResultException.newErrorResult(ErrorResultException.java:163)
    at org.forgerock.opendj.ldap.ErrorResultException.newErrorResult(ErrorResultException.java:125)
    at org.forgerock.opendj.ldap.AbstractLoadBalancingAlgorithm.getMonitoredConnectionFactory(AbstractLoadBalancingAlgorithm.java:390)

Recent Changes

N/A

Causes

The OpenDJ SDK connection pool used by OpenAM fails when the LDAP server crashes, and the LDAP connections are not automatically re-established when the LDAP server restarts. This is an issue when OpenDJ LDAP SDK 2.6.7 or earlier is in use.

Solution

This issue can be resolved by upgrading to OpenAM 11.0.1 or later; you can download this from BackStage.

Workaround

You can work around this issue by updating the OpenDJ LDAP SDK to version 2.6.8 or later for all OpenAM servers in your deployment:

  1. Download this version from: http://maven.forgerock.org/repo/releases/org/forgerock/opendj/opendj-ldap-sdk/2.6.8/opendj-ldap-sdk-2.6.8.jar
  2. Remove the existing opendj-ldap-sdk-*.jar from the /path/to/tomcat/webapps/openam/WEB-INF/lib/ directory where OpenAM is deployed and then copy across the downloaded version to this directory.
Note

You must restart the web application container in which OpenAM runs to apply this updated version.
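
The jar swap from steps 1 and 2 as shell functions (an added example, not ForgeRock's own tooling): they compare the SDK version in a WEB-INF/lib directory against 2.6.8, move the old jar to a backup directory outside lib so that only one SDK version stays on the classpath, and copy the new jar in. The function names and the backup directory are assumptions, and the version is read from the jar file name.

```shell
#!/bin/sh
MIN_VERSION="2.6.8"   # first SDK version with the fix, per the article

# Print the version embedded in an opendj-ldap-sdk-<version>.jar file name.
sdk_version() {
    basename "$1" .jar | sed 's/^opendj-ldap-sdk-//'
}

# Return 0 when dotted numeric version $1 is older than $2.
version_lt() {
    if [ "$1" = "$2" ]; then return 1; fi
    oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# Check a lib directory: 0 = one SDK jar at MIN_VERSION or later,
# 1 = one SDK jar that is too old, 2 = zero or several SDK jars present.
check_lib_dir() {
    count=0
    for jar in "$1"/opendj-ldap-sdk-*.jar; do
        [ -e "$jar" ] || continue
        count=$((count + 1)); found=$jar
    done
    [ "$count" -eq 1 ] || return 2
    if version_lt "$(sdk_version "$found")" "$MIN_VERSION"; then return 1; fi
    return 0
}

# Move every SDK jar out of lib_dir into backup_dir, copy new_jar in, re-check.
replace_sdk() {
    lib_dir=$1; new_jar=$2; backup_dir=$3
    [ -f "$new_jar" ] || { echo "missing $new_jar" >&2; return 1; }
    if version_lt "$(sdk_version "$new_jar")" "$MIN_VERSION"; then
        echo "refusing: $new_jar is older than $MIN_VERSION" >&2; return 1
    fi
    mkdir -p "$backup_dir" || return 1
    for jar in "$lib_dir"/opendj-ldap-sdk-*.jar; do
        [ -e "$jar" ] || continue
        mv "$jar" "$backup_dir"/ || return 1
    done
    cp "$new_jar" "$lib_dir"/ && check_lib_dir "$lib_dir"
}

# When run directly: script.sh <lib_dir> <new_jar> <backup_dir>
[ "$#" -ne 3 ] || replace_sdk "$1" "$2" "$3"
```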

See Also

N/A

Related Training

N/A

Related Issue Tracker IDs

OPENAM-3623 (LDAP auth-module connection pool does not correctly recover)

OPENDJ-1348 (Various connection pool implementations do not recover if the target server is powered off and restarted)


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.