Posted to users@tomcat.apache.org by sigzero <si...@gmail.com> on 2012/01/06 15:56:50 UTC

Tomcat and LDAP (handling password expiration)

The scenario is that Tomcat (6) is sitting on Windows and it talks to
an LDAP server sitting on Linux (RHEL). What is the best way to handle
the Tomcat LDAP account password expiring? I know that the password
needs to change on the LDAP and the Tomcat server.xml file needs to be
updated. I see no good way to automate that and the only workaround that
I see is to have the Tomcat LDAP account password not expire.

Any suggestions?

Thanks for your time.

Bob

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Tomcat and LDAP (handling password expiration)

Posted by sigzero <si...@gmail.com>.
On Fri, Jan 6, 2012 at 10:11 AM, André Warnier <aw...@ice-sa.com> wrote:
> sigzero wrote:
>>
>> The scenario is that Tomcat (6) is sitting on Windows and it talks to
>> an LDAP server sitting on Linux (RHEL). What is the best way to handle
>> the Tomcat LDAP account password expiring? I know that the password
>> needs to change on the LDAP and the Tomcat server.xml file needs to be
>> updated. I see no good way to automate that and the only workaround that
>> I see is to have the Tomcat LDAP account password not expire.
>>
> That is indeed the solution we had to get several of our customers to agree
> to.
> In general, that is called a "service account" in sysadmin/netadmin
> parlance, and it generally means some paperwork.
>

Totally agree...security folks don't like that answer too much. I am
just doing some ground work to say "this is the way it is".

Thanks,

Bob



Re: Tomcat and LDAP (handling password expiration)

Posted by André Warnier <aw...@ice-sa.com>.
sigzero wrote:
> The scenario is that Tomcat (6) is sitting on Windows and it talks to
> an LDAP server sitting on Linux (RHEL). What is the best way to handle
> the Tomcat LDAP account password expiring? I know that the password
> needs to change on the LDAP and the Tomcat server.xml file needs to be
> updated. I see no good way to automate that and the only workaround that
> I see is to have the Tomcat LDAP account password not expire.
> 
That is indeed the solution we had to get several of our customers to agree to.
In general, that is called a "service account" in sysadmin/netadmin parlance, and it
generally means some paperwork.



Re: Tomcat and LDAP (handling password expiration)

Posted by Pid <pi...@pidster.com>.
On 06/01/2012 14:56, sigzero wrote:
> The scenario is that Tomcat (6) is sitting on Windows and it talks to
> an LDAP server sitting on Linux (RHEL). What is the best way to handle
> the Tomcat LDAP account password expiring? I know that the password
> needs to change on the LDAP and the Tomcat server.xml file needs to be
> updated. 

You can replace the contents of XML attributes in server.xml with variables.

 <Connector port="${http.port}" />

The variables are taken from conf/catalina.properties which is a Java
Properties file.

You could programmatically update that file and then restart the Tomcat
instance.  You will need to restart the Tomcat instance if 'talks to an
LDAP server' refers to a Realm or DataSource defined in server.xml.


p



> I see no good way to automate that and the only workaround that
> I see is to have the Tomcat LDAP account password not expire.
> 
> Any suggestions?
> 
> Thanks for your time.
> 
> Bob


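An added example, not part of Pid's message or of Tomcat's own code, of the "programmatically update that file" step: it rewrites one entry in conf/catalina.properties with Java Properties escaping and swaps the file in atomically; Tomcat still has to be restarted afterwards, as the message says. The property name `ldap.connectionPassword`, the Realm fragment in the comment and the function names are assumptions made for this sketch, and the entry is assumed to sit on a single line.

```python
import os
import re
import tempfile

# Assumed Realm in server.xml (ldap.connectionPassword is a made-up name):
#   <Realm className="org.apache.catalina.realm.JNDIRealm"
#          connectionPassword="${ldap.connectionPassword}" ... />
KEY_RE = re.compile(r"\s*([^#!\s=:][^\s=:]*)")  # key of a non-comment line

def escape_value(value):
    """Escape a string so java.util.Properties loads it back unchanged."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\\":
            out.append("\\\\")
        elif ch == " " and i == 0:
            out.append("\\ ")            # leading blanks are skipped on load
        elif ch in "\t\n\r\f":
            out.append({"\t": "\\t", "\n": "\\n", "\r": "\\r", "\f": "\\f"}[ch])
        elif " " <= ch <= "~":
            out.append(ch)
        else:                            # control or non-ASCII: \uXXXX per UTF-16 unit
            raw = ch.encode("utf-16-be")
            out.extend("\\u%04x" % int.from_bytes(raw[j:j + 2], "big")
                       for j in range(0, len(raw), 2))
    return "".join(out)

def set_property(path, key, value):
    """Replace key's single-line entry (or append it); True if it existed."""
    with open(path, "r", encoding="iso-8859-1", newline="") as fh:
        lines = fh.readlines()
    eol = "\r\n" if any(l.endswith("\r\n") for l in lines) else "\n"
    new_line = "%s=%s%s" % (key, escape_value(value), eol)
    found = False
    for i, line in enumerate(lines):
        m = KEY_RE.match(line)
        if m and m.group(1) == key:
            lines[i], found = new_line, True
    if not found:
        if lines and not lines[-1].endswith("\n"):
            lines[-1] += eol
        lines.append(new_line)
    # Write a sibling temp file and swap it in, so Tomcat never reads a partial file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="iso-8859-1", newline="") as fh:
        fh.writelines(lines)
    os.replace(tmp, path)
    return found
```

The password is still stored in clear text, only in a different file, so read access to conf/catalina.properties should be limited to the account Tomcat runs as. On Windows the replacement file inherits the ACL of the conf directory.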


Re: Tomcat and LDAP (handling password expiration)

Posted by sigzero <si...@gmail.com>.
On Fri, Jan 6, 2012 at 10:05 AM, Konstantin Kolinko
<kn...@gmail.com> wrote:
> 2012/1/6 sigzero <si...@gmail.com>:
>> The scenario is that Tomcat (6) is sitting on Windows and it talks to
>> an LDAP server sitting on Linux (RHEL). What is the best way to handle
>> the Tomcat LDAP account password expiring? I know that the password
>> needs to change on the LDAP and the Tomcat server.xml file needs to be
>> updated. I see no good way to automate that and the only workaround that
>> I see is to have the Tomcat LDAP account password not expire.
>>
>> Any suggestions?
>>
>
> Change it proactively before it expires?
> In any way you would have to restart Tomcat (unless the component that
> uses the password can be restarted separately or can be managed
> through JMX).
>
> You may want to look here for options of moving the password outside the file:
> https://wiki.apache.org/tomcat/FAQ/Password
>

Was trying to avoid a manual situation.

Thanks for the resource!

Bob



Re: Tomcat and LDAP (handling password expiration)

Posted by Konstantin Kolinko <kn...@gmail.com>.
2012/1/6 sigzero <si...@gmail.com>:
> The scenario is that Tomcat (6) is sitting on Windows and it talks to
> an LDAP server sitting on Linux (RHEL). What is the best way to handle
> the Tomcat LDAP account password expiring? I know that the password
> needs to change on the LDAP and the Tomcat server.xml file needs to be
> updated. I see no good way to automate that and the only workaround that
> I see is to have the Tomcat LDAP account password not expire.
>
> Any suggestions?
>

Change it proactively before it expires?
In any way you would have to restart Tomcat (unless the component that
uses the password can be restarted separately or can be managed
through JMX).

You may want to look here for options of moving the password outside the file:
https://wiki.apache.org/tomcat/FAQ/Password

Best regards,
Konstantin Kolinko
