JNDIRealm and password expiration

[Andris Eiduks <ae...@gmail.com>]

Hi!

We use JNDIRealm for users authentication from Tomcat again OpenLDAP.
But users doesn't get notifications about password expiration.

It is possible for current solution (Tomcat and OpenLDAP) ?
Or we must create different functions in web application for passwords
expiry dates searching directly into OpenLDAP?


Thanks in advance,

Andris Eiduks

Re: JNDIRealm and password expiration

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andris,

Andris Eiduks wrote:
| We use JNDIRealm for users authentication from Tomcat again OpenLDAP.
| But users doesn't get notifications about password expiration.
|
| It is possible for current solution (Tomcat and OpenLDAP) ?
| Or we must create different functions in web application for passwords
| expiry dates searching directly into OpenLDAP?

Tomcat's container-managed authentication and authorization does not
offer this feature.

You may be able to use securityfilter
(http://securityfilter.sourceforge.net/) with a custom Realm (and
possibly some additional custom Filters or something) to meet your
requirements.

I use securityfilter plus my own Filter that checks for a "must change
password" user account status. The Filter requires that anyone in that
state must change their password before viewing any other pages. It
works quite well, and the code is fairly simple.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkeOfkUACgkQ9CaO5/Lv0PCzAwCeMv34MYkSDQH0xONzc4Sg2vRC
q6MAoLB3Jbz0QlPpUO3h0DPxL2Pc02Y5
=bHRz
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org