Mark,

On 5/13/15 2:45 PM, Mark Thomas wrote:
> On 13/05/2015 19:13, John Beaulaurier -X (jbeaulau - ADVANCED
> NETWORK INFORMATION INC at Cisco) wrote:
>> Hello,
>>
>> We have a Tomcat 7 server running on Linux that must use LDAP
>> over SSL to connect to an AD server for user authentication.
>> This configuration we have working. The issue is the credentials
>> used to connect to the AD server must have the password updated
>> every 180 days, and therefore updated in the JNDI Realm
>> configuration. Is there a way to update the password in
>> server.xml that would allow it to be recognized as changed
>> without restarting the Tomcat server? Or some other configuration,
>> whatever it may be, that would achieve this? The goal is to
>> update the password and have it recognized as updated with no
>> down time for the application running on the server.
>>
>> Any thoughts would be appreciated.
>
> server.xml changes require a restart. Can you update it via JMX as
> well? (That should work but I am going from memory rather than
> testing it / looking at the source).

From *my* memory, modifying things that come from server.xml via JMX
often does nothing, because the component itself doesn't get
re-initialized. You basically just change the in-memory representation
of the configuration, but the component (Realm, in this case) just
keeps doing what it was doing.

A good example is the <Connector>s, though in that case, the
"Connector" is just configuration that gets used to generate a
Protocol+Endpoint, so maybe I'm just thinking of this special case.

Ultimately, JMX is the *right* way to do this, provided that the Realm
notices that the configuration has changed and actually uses that
configuration.

-chris