OpenAM 11.0.0 fails to connect to LDAP server when it is restarted
The purpose of this article is to provide assistance if the LDAP authentication connection does not recover correctly when the LDAP server is restarted. This issue occurs even when a load balancer is in use and failover is operating correctly.
This article has been archived and is no longer maintained by ForgeRock.
OpenAM server fails to connect to the LDAP server when it is restarted.
An error similar to the following is shown in the Authentication debug log (when debug level is set to Message):

DJLDAPv3Repo:06/16/2014 09:38:55:605 AM UTC: Thread[http-bio-8080-exec-402,5,main]
ERROR: Unexpected error occurred during search
org.forgerock.opendj.ldap.ConnectionException: Connect Error: No operational connection factories available
    at org.forgerock.opendj.ldap.ErrorResultException.newErrorResult(ErrorResultException.java:163)
    at org.forgerock.opendj.ldap.ErrorResultException.newErrorResult(ErrorResultException.java:125)
    at org.forgerock.opendj.ldap.AbstractLoadBalancingAlgorithm.getMonitoredConnectionFactory(AbstractLoadBalancingAlgorithm.java:390)
The OpenDJ SDK connection pool used by OpenAM fails when the LDAP server crashes, and the LDAP connections are not automatically re-established when the LDAP server restarts. This is an issue when OpenDJ LDAP SDK 2.6.7 or earlier is in use.
This issue can be resolved by upgrading to OpenAM 11.0.1 or later; you can download this from BackStage.
You can work around this issue by updating the OpenDJ LDAP SDK to version 2.6.8 or later for all OpenAM servers in your deployment:
- Download this version from: http://maven.forgerock.org/repo/releases/org/forgerock/opendj/opendj-ldap-sdk/2.6.8/opendj-ldap-sdk-2.6.8.jar
- Remove the existing opendj-ldap-sdk-*.jar from the /path/to/tomcat/webapps/openam/WEB-INF/lib/ directory where OpenAM is deployed and then copy across the downloaded version to this directory.
You must restart the web application container in which OpenAM runs to apply this updated version.
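A check to run on each OpenAM server after applying the workaround above, added here as an example and not ForgeRock's code: it reports whether the deployed SDK jar is older than 2.6.8, and whether an old jar was left in the directory next to the new one. The function names version_lt and sdk_jar_status are hypothetical; the jar name pattern and directory are the ones given in this article.

```shell
#!/bin/sh
# Added example, not ForgeRock code. Function names are hypothetical.
FIXED_VERSION="2.6.8"   # first OpenDJ LDAP SDK version with the fix, per this article

# version_lt A B: succeeds when dotted version A is lower than B.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # ignore qualifiers such as -SNAPSHOT
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1   # equal versions
}

# sdk_jar_status LIB_DIR: prints one of
#   missing | multiple | affected <version> | fixed <version>
sdk_jar_status() {
    lib_dir=$1; count=0; version=
    for jar in "$lib_dir"/opendj-ldap-sdk-*.jar; do
        [ -e "$jar" ] || continue          # glob matched nothing
        count=$((count + 1))
        name=${jar##*/}
        version=${name#opendj-ldap-sdk-}
        version=${version%.jar}
    done
    if [ "$count" -eq 0 ]; then
        echo "missing"
    elif [ "$count" -gt 1 ]; then
        echo "multiple"                    # old jar was not removed before copying the new one
    elif version_lt "$version" "$FIXED_VERSION"; then
        echo "affected $version"
    else
        echo "fixed $version"
    fi
}

# Usage: sh check_sdk.sh /path/to/tomcat/webapps/openam/WEB-INF/lib
if [ "$#" -gt 0 ]; then
    sdk_jar_status "$1"
fi
```

A result of "multiple" means two SDK jars are in the same lib directory; remove the older one before restarting the container.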
Related Issue Tracker IDs
OPENAM-3623 (LDAP auth-module connection pool does not correctly recover)
OPENDJ-1348 (Various connection pool implementations do not recover if the target server is powered off and restarted)