John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco) wrote:
Hello,

We have a Tomcat 7 server running on Linux that must use LDAP over SSL to connect to an AD server for user authentication. This configuration we have working. The issue is that the credentials used to connect to the AD server must have the password updated every 180 days, and therefore updated in the JNDI Realm configuration. Is there a way to update the password in server.xml that would allow it to be recognized as changed without restarting the Tomcat server? Or some other configuration, whatever it may be, that would achieve this? The goal is to update the password and have it recognized as updated with no downtime for the application running on the server.

Any thoughts would be appreciated.

The real issue there is that the password must be updated every 180 days.
That means that to connect to the AD server, you are probably using a "normal user account", to which this kind of policy applies. You should probably request a special "service account", of which the password does not run out. Yes, such a "service account" is probably harder to get, and you will probably have to go through some administrative burdens to get it, but that is the right way to run your Tomcat, which is a "service", and which should not be subjected to the same kind of policies as a normal user.




