You don’t have to use insecure clear text Simple BIND authentication for accessing your LDAP servers.
Get list of supported authentication mechanisms:
ldapsearch -h example.com -x -b "" -s base -LLL supportedSASLMechanisms
Kerberos GSSAPI Example:
ldapsearch -v -Y GSSAPI -h example.com -b "DC=example,DC=com" "(sAMAccountName=someusername)"
ldapsearch -v -Y DIGEST-MD5 -h example.com -U someusername -R example.com -b "DC=example,DC=com"\
Note: For Active Directory Digest Authentication to work, you may need to enable Reversible encryption on the account’s password and change the user’s password once.
If your web app starts serving stale cached content when run behind mod_jk or mod_proxy with apache, it may be due to apache inserting a default expiration header.
You can confirm this by comparing the headers returned from apache and directly from your web app. curl -i will show response headers:
curl -i http://example.com | head -20
To disable apache’s content expirations, add the following to your virtual host:
Here is the official Apache Documentation.