OpenAM 11.0.0 fails to connect to LDAP server when it is restarted
The purpose of this article is to provide assistance if the LDAP authentication connection does not recover correctly when the LDAP server is restarted. This issue occurs even when a load balancer is in use and failover is operating correctly.
Archived
This article has been archived and is no longer maintained by ForgeRock.
Symptoms
OpenAM server fails to connect to the LDAP server when it is restarted.
An error similar to the following is shown in the Authentication debug log (when debug level is set to Message):
DJLDAPv3Repo:06/16/2014 09:38:55:605 AM UTC: Thread[http-bio-8080-exec-402,5,main] ERROR: Unexpected error occurred during search
org.forgerock.opendj.ldap.ConnectionException: Connect Error: No operational connection factories available
    at org.forgerock.opendj.ldap.ErrorResultException.newErrorResult(ErrorResultException.java:163)
    at org.forgerock.opendj.ldap.ErrorResultException.newErrorResult(ErrorResultException.java:125)
    at org.forgerock.opendj.ldap.AbstractLoadBalancingAlgorithm.getMonitoredConnectionFactory(AbstractLoadBalancingAlgorithm.java:390)
Recent Changes
N/A
Causes
The OpenDJ SDK connection pool used by OpenAM fails when the LDAP server crashes, and the LDAP connections are not automatically re-established when the LDAP server restarts. This is an issue when OpenDJ LDAP SDK 2.6.7 or earlier is in use.
Solution
This issue can be resolved by upgrading to OpenAM 11.0.1 or later; you can download this from BackStage.
Workaround
You can work around this issue by updating the OpenDJ LDAP SDK to version 2.6.8 or later on all OpenAM servers in your deployment:
- Download this version from: http://maven.forgerock.org/repo/releases/org/forgerock/opendj/opendj-ldap-sdk/2.6.8/opendj-ldap-sdk-2.6.8.jar
- Remove the existing opendj-ldap-sdk-*.jar from the /path/to/tomcat/webapps/openam/WEB-INF/lib/ directory where OpenAM is deployed and then copy the downloaded version into this directory.
Note
You must restart the web application container in which OpenAM runs to apply this updated version.
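A check that can be run on each OpenAM server before and after the workaround above, as an added example that is not ForgeRock's own code: it reports whether the deployed opendj-ldap-sdk jar is older than 2.6.8 and whether an old jar was left beside the new one. The function names and exit codes are assumptions made for this example, and versions are assumed to be plain dotted numbers.

```shell
#!/bin/sh
# Added example: audit an OpenAM WEB-INF/lib directory for the OpenDJ LDAP SDK jar.
# MIN_FIXED is the version named in the article; function names are hypothetical.
MIN_FIXED="2.6.8"

# version_lt A B: succeeds when dotted numeric version A is lower than B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        LC_ALL=C sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# check_sdk_lib DIR: exit codes (assumed for this example)
#   0 = one jar at MIN_FIXED or later, 1 = one jar older than MIN_FIXED,
#   2 = no jar found, 3 = several jars present (old one not removed).
check_sdk_lib() {
    lib_dir=$1
    count=0
    version=""
    for jar in "$lib_dir"/opendj-ldap-sdk-*.jar; do
        [ -e "$jar" ] || continue          # glob matched nothing
        count=$((count + 1))
        name=${jar##*/}                    # strip directory
        version=${name#opendj-ldap-sdk-}   # strip artifact prefix
        version=${version%.jar}            # strip extension
    done
    if [ "$count" -eq 0 ]; then
        echo "no opendj-ldap-sdk jar in $lib_dir"
        return 2
    elif [ "$count" -gt 1 ]; then
        echo "$count opendj-ldap-sdk jars in $lib_dir: remove the old one"
        return 3
    elif version_lt "$version" "$MIN_FIXED"; then
        echo "opendj-ldap-sdk $version: affected, needs $MIN_FIXED or later"
        return 1
    fi
    echo "opendj-ldap-sdk $version: ok"
}

# Usage: sh check_sdk.sh /path/to/tomcat/webapps/openam/WEB-INF/lib
if [ "$#" -gt 0 ]; then
    check_sdk_lib "$1"
fi
```

The check only inspects the files on disk; the running OpenAM instance picks up the new jar after the container restart described in the note above.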
See Also
N/A
Related Training
N/A
Related Issue Tracker IDs
OPENAM-3623 (LDAP auth-module connection pool does not correctly recover)