You don’t have to use insecure clear text Simple BIND authentication for accessing your LDAP servers.
Get list of supported authentication mechanisms:
ldapsearch -h example.com -x -b "" -s base -LLL supportedSASLMechanisms
Kerberos GSSAPI Example:
kinit ldapsearch -v -Y GSSAPI -h example.com -b "DC=example,DC=com" "(sAMAccountName=someusername)"
ldapsearch -v -Y DIGEST-MD5 -h example.com -U someusername -R example.com -b "DC=example,DC=com"\ "(sAMAccountName=someusername)"
If your web app starts serving stale cached content when run behind mod_jk or mod_proxy with apache, it may be due to apache inserting a default expiration header.
You can confirm this by comparing the headers returned from apache and directly from your web app. curl -i will show response headers:
curl -i http://example.com | head -20
To disable apache’s content expirations, add the following to your virtual host:
Here is the official Apache Documentation.