ssh tunnel to your directory

This is a little trick I learned out of self-preservation. While I have the utmost respect for my brothers in network security, there comes a time in every directory admin's life when the IT bureaucracy (the "hidden" 8th layer in the OSI Model) causes a collision between your need for access and change control lead times.

It is for such a time that I believe ssh tunneling was invented.

In a nutshell, if you can reach the remote box over ssh (TCP port 22), then you can set up a "tunnel" between your workstation and that remote box to connect with whatever port you want over there.

Here's the magic command,

ssh -L 1389:remotehostname:389 remoteuserid@remotehostname

Basically, that's it. Now you can connect to the remote directory server with something like,

ldapsearch -x -h localhost -p 1389 -b "" -s base "objectclass=*"

What you've done is assign port 1389 on your workstation as your local end of the tunnel that connects to port 389 on the remote box.

This works with most ssh setups because by default sshd, the ssh service daemon, allows TCP port forwarding. That can be changed by a particularly, well, security-conscious, security admin, but rarely is.