-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Mark,

On 5/13/15 2:45 PM, Mark Thomas wrote:
> On 13/05/2015 19:13, John Beaulaurier -X (jbeaulau - ADVANCED
> NETWORK INFORMATION INC at Cisco) wrote:
>> Hello,
>> 
>> We have a Tomcat 7 server running on Linux that must use LDAP
>> over SSL to connect to an AD server for user authentication.
>> This configuration we have working. The issue is the credentials
>> used to connect to the AD server must have the password updated 
>> every 180 days, and therefore updated in the JNDI Realm
>> configuration. Is there a way to update the password in
>> server.xml that would allow it to be recognized as changed
>> without restarting the Tomcat server. Or some other configuration
>> what ever it may be that would achieve this. The goal is to
>> update the password and have it recognized as updated with no
>> down time for the application running on the server.
>> 
>> Any thoughts would be appreciated.
> 
> server.xml changes require a restart. Can you update it via JMX as
> well? (That should work but I am going from memory rather than
> testing it / looking at the source).

- From *my* memory, modifying things that come from server.xml via JMX
often does nothing, because the component itself doesn't get
re-initialized. You basically just change the in-memory representation
of the configuration, but the component (Realm, in this case), just
keeps doing what it was doing.

A good example is the <Connector>s, though in that case, the
"Connector" is just configuration that gets used to generate a
Protocol+Endpoint so maybe I'm just thinking of this special case.

Ultimately, JMX is the *right* way to do this, provided that the Realm
notices that the configuration has changed and actually uses that
configuration.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVU7PVAAoJEBzwKT+lPKRYOJwQAMrZi9Pu+MuG25bnTbgMCBtm
gTAdkheI/ovuG2H2hjCAqUJo6x0B1piG71uOV7S0lTatTIdclUIeDR67mheZlLXx
yY0oy4pFWSsH1UJE14LnTyqXUWQWGFTD1tAMmgGrXhMhkIVlltaFkBP9fxis33xN
sjhJh8QL27jK80QL19PuVNhDLWJbAAAGhDlxHDqeCRZaxu9mC/9imWr4juTw/4vu
l1xcy4Q8+G+nwpYjKlAv3ttpgMipfOKRlYSLVpxZO45yEbJmCZWJef51CSLL4Ib/
0qxONW+aKndUJ1ZhAgc6ZSQL4N9Z+stNphD/IQhKK8I9SCdVuJrTrsdUjurpuMXZ
d89uIduDKVLsIqnUyHH019M4zWa9xs26pJ/JJv9yyTZvkCfH2X5YAAO8tJE7kTm3
HTZA8hIWD09n4VZ0P0BZurmRt2aI/pTq6+aVhig0uEC0POA5MME5WWKidTVAat09
vRqKtQYgVWP0iBB7Cd2IVcpb2sE6ZpRgsF6K4Nw+brfr68uTk/FvD6kb/7JrpTYd
Thkfyh102WQBVZxeTXOo952v1CKv0tAWdxx9/t1boRbCM9cNvDnsjKGzMgRkJ+0r
Zx0/A19ORdC7uBn87+uW8Q9CgUIuN+NQuR89OS+nQSZdhnDU8pQgLZR1hoEuYCpO
yRmNoIOIMQFnrKKPAqGC
=psQ4
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

  • ... John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco)
    • ... Mark Thomas
      • ... Christopher Schultz
        • ... John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco)
          • ... Caldarale, Charles R
    • ... André Warnier
    • ... PÉNET LUDOVIC

Reply via email to