Get and use secure supported LDAP SASL authentication mechanisms

You don’t have to use insecure clear text Simple BIND authentication for accessing your LDAP servers.

Get list of supported authentication mechanisms:

ldapsearch -h -x -b "" -s base -LLL supportedSASLMechanisms

Kerberos GSSAPI Example:

ldapsearch -v -Y GSSAPI -h -b "DC=example,DC=com" "(sAMAccountName=someusername)"

DIGEST-MD5 Example:

ldapsearch -v -Y DIGEST-MD5 -h -U someusername -R -b "DC=example,DC=com"\
Note: For Active Directory Digest Authentication to work, you may need to enable Reversible encryption on the account’s password and change the user’s password once.

Fix Apache mod_jk or mod_proxy serving stale content

If your web app starts serving stale cached content when run behind mod_jk or mod_proxy with apache, it may be due to apache inserting a default expiration header.

You can confirm this by comparing the headers returned from apache and directly from your web app.  curl -i will show response headers:

curl -i | head -20

To disable apache’s content expirations, add the following to your virtual host:

ExpiresActive Off

Here is the official Apache Documentation.