John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco) a écrit : > Hello, > > We have a Tomcat 7 server running on Linux that must use LDAP over SSL to > connect to an AD server for user authentication. This > configuration we have working. The issue is the credentials used to > connect to the AD server must have the password updated > every 180 days, and therefore updated in the JNDI Realm configuration. Is > there a way to update the password in server.xml > that would allow it to be recognized as changed without restarting the > Tomcat server. Or some other configuration what ever > it may be that would achieve this. The goal is to update the password and > have it recognized as updated with no down time for > the application running on the server.
I use the following solution in a production system : * derive your own, custom MyRealm class from JNDIRealm. You will typically have to put it in the same package (org.apache.catalina.realm) to get access to some base methods and attributes. * overload key methods, such as authenticate and getRoles to perform your configuration tweaking before forwarding to the base methods. * tweaking typically includes checking the last modification date of a configuration file holding required info, reloading it and applying new config only on change. * use MyRealm instead of realm in server configuration. May sound a bit dirty but... works and takes less than 100 lines of code. And avoids rewriting everything from scratch. Hope this helps, Ludovic | | AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT. | --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org