tags:

views:

235

answers:

2
+6  Q: 

PHP connect via SSH tunnel to LDAP in other network

I'm developing website for my school. In that school we authenticate users via LDAP, so there was an idea to do the same via school-site. On that site everything is working perfectly, but during developing I need very often to test if such solution works, of not. In order not to commit my changes so often I want to test this site on my local computer, but for connecting with LDAP i want to use ssh tunnel. In school network we have one server through witch we are connecting with inside of our school network. It's address is phoenix.lo5.bielsko.pl. Inside this network we have LDAP server with opened 389 and 636 ports. It's address is auth.lo5. I don't have access to auth.lo5 via SSH, I can only connect with it to get some LDAP entries. So, I've tried to run SSH tunnel by running:

ssh -L 636:auth.lo5:636 [email protected]

Then, I've set in my /etc/hosts that auth.lo5 is pointing to 127.0.0.1. I'm connecting to LDAP in PHP in such a way:

ldap_connect('ldaps://auth.lo5', 636);

But I'm getting error Can't contact LDAP server. I think, that problem might be on phoenix.lo5.bielsko.pl in its SSH daemon config or in arguments passed to ldap_connect() function. Can you tell me, what should I set in sshd_config or in arguments passed to ldap_connect to get it working?

I posted the same question in similar thread, but no one has answered my question.

P.S. In my /etc/ssh/sshd_config I have line AllowTcpForwarding yes

A: 

Try replacing all instances of auth.lo5 with localhost:

ssh -L 636:localhost:636 [email protected] and ldap_connect('ldaps://localhost', 636);

If that doesn't work, try turning off SSL to see if that works:

ssh -L 389:localhost:389 [email protected] and ldap_connect('localhost', 389);

Charles  2010-07-25 15:43:34
Both solutions aren't working. I think, it shouldn't be localhost in ssh commands, because LDAP server is reachable for phoenix not by 'localhost' but 'auth.lo5'. 'localhost' points to phoenix. Maybe I have to put something to my client or server ssh-configs?
Hfaua  2010-07-25 15:53:24
+1  A: 

If I got it right phoenix.lo5 and auth.lo5 are 2 different machines. If so you have to create a tunnel to the ssh machine, and then send the ldap queries to the right machine.

Your command: ssh -L 636:auth.lo5:636 [email protected] is right if phoenix.lo5.bielsko.pl can resolve auth.lo5 via DNS or /etc/hosts, if not you need to use its internal ip address.

Also if you want to use port 636 on your pc, you need to run your command as superuser (root or with sudo) else you need to use an high port (above 1024) as stated by Borealid

Once the tunnel is up you have to point to localhost to do the queries

EndelWar  2010-07-26 18:54:48
Of course `phoenix` and `auth` are different machines and we use our DNS to resolve its names. I think, addresses aren't real problem here. I've used `tcpdump` to check if there are real connection through tunnel and if `ldapwhoami` is sending packets correctly. The result was confusing: `local =[tunnel]=> phoenix => auth (LDAP querying) => phoenix =[tunnel]=> local`, so I think, that `ldapwhoami` should give right answer, but I get error `ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)`. I have sudo on `phoenix` so ports under 1024 are not problem, I think. Don't you think its weird?
Hfaua  2010-07-27 17:27:13

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases