Hello,

I got access via SSH (root access) to a machine that's inside a network at my client's office.

I'm programming on my computer a PHP application that needs to integrate with LDAP. The LDAP server is on another server at my client's network and not accessible from outside; however, I can perfectly access it via the server I can connect to via SSH.

My question is: Is there any way I can make a tunnel and set up a port on my computer to get the traffic forwarded to the LDAP server using my SSH connection to one of the computers on the network?

Thanks!!!!

+7  A: 

Yes, ssh has a "-L" option to create a tunnel. That option takes 3 parameters, separated by colons (:). Local listen port, remote host, remote port.

ssh -L 9999:ldapserver:389 user@otherhost

Where 9999 is the local port that the tunnel will be created on. The ldapserver:389 bit tells it where to connect to on the other side.

Then, tell your application to connect to localhost:9999 (or whatever port you choose) and it will be tunneled across.

Adam Batkin
You might also use the -N option, so ssh doesn't become interactive.
ammoQ
Thanks! I got connection refused, although with both options, but this may be another problem.
Guillermo
You need TCP forwarding enabled on the remote SSH server. By default this is often disabled. In sshd_config put: AllowTcpForwarding yes
Gunstick
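The steps above (start the forward, then point the application at the local port) and the failure modes from the comments (connection refused, AllowTcpForwarding disabled on the jump host), as an added Python example that is not part of the original thread. It assumes the answer's placeholder names "ldapserver" and "user@otherhost"; probe_forward tells apart "nothing listening locally", "ssh accepted but immediately closed the connection" (the symptom of AllowTcpForwarding no), and a forward that reaches a server holding the connection open.

```python
import socket
import subprocess
import time

def tunnel_argv(local_port, ldap_host, ldap_port, jump_host):
    """ssh command line equivalent to 'ssh -L 9999:ldapserver:389 user@otherhost'
    plus -N from the comments.  Binding to 127.0.0.1 keeps the forwarded LDAP
    port off the LAN; ExitOnForwardFailure makes ssh exit if it cannot bind."""
    return ["ssh", "-N", "-o", "ExitOnForwardFailure=yes",
            "-L", f"127.0.0.1:{local_port}:{ldap_host}:{ldap_port}", jump_host]

def wait_for_port(port, host="127.0.0.1", timeout=10.0):
    """True once host:port accepts a TCP connection, False on timeout."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            with socket.create_connection((host, port), timeout=1.0):
                return True
        except OSError:
            time.sleep(0.2)
    return False

def probe_forward(port, host="127.0.0.1"):
    """'unreachable': no local listener (tunnel not up or wrong port).
    'rejected': the listener accepted, then closed at once, which is what the
    client sees when the jump host has AllowTcpForwarding no (ssh then logs
    'administratively prohibited').  'ok': the far end holds the connection
    open, as an LDAP server waiting for the first request does."""
    try:
        with socket.create_connection((host, port), timeout=2.0) as s:
            s.settimeout(1.0)
            try:
                data = s.recv(1)
            except socket.timeout:
                return "ok"
            return "rejected" if data == b"" else "ok"
    except OSError:
        return "unreachable"

def open_tunnel(local_port=9999, ldap_host="ldapserver", ldap_port=389,
                jump_host="user@otherhost"):
    """Start the forward and block until the local port is usable; the PHP
    application then connects to ldap://127.0.0.1:<local_port>."""
    proc = subprocess.Popen(tunnel_argv(local_port, ldap_host, ldap_port, jump_host))
    if not wait_for_port(local_port):
        proc.terminate()
        raise RuntimeError("ssh tunnel did not come up; rerun the command with -v")
    return proc

if __name__ == "__main__":
    proc = open_tunnel()  # placeholder hosts, see lead-in
    print("forward status:", probe_forward(9999))
    proc.terminate()
```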
A: 

I have the same situation as you, Guillermo. Can I ask you what arguments you passed to the function ldap_connect() in order to connect with no errors? Because I'm always getting the error "Can't contact LDAP server...".

The network with the LDAP server is accessible from my house via the server with address phoenix.lo5.bielsko.pl. The address of the LDAP server inside this network is auth.lo5. The LDAP server is listening on ports 389 and 636. On my local computer I've edited /etc/hosts, so auth.lo5 is pointing to 127.0.0.1. So, I'm making the tunnel by typing:

ssh -L 636:auth.lo5:636 [email protected]

Then, in PHP I connect to my server by:

ldap_connect('ldaps://auth.lo5', 636);

Then, during binding I'm getting the above-mentioned error "Can't contact LDAP server...". What should I change in order to get it working?

Hfaua
A: 

I have a similar problem in that I need to tunnel through an intranet HTTP proxy to get to an LDAP server on the outside. I am writing in Java and I need to know the syntax for creating the tunnel. Thanks!