It is for such a time that I believe ssh tunneling was invented.
In a nutshell, if you can reach the remote box over ssh (TCP port 22), then you can set up a "tunnel" between your workstation and that remote box to connect with whatever port you want over there.
Here's the magic command,
ssh -L 1389:remotehostname:389 remoteuserid@remotehostname
Basically, that's it. Now you can connect to the remote directory server with something like,
ldapsearch -x -h localhost -p 1389 -b "" -s base "objectclass=*"
What you've done is assign port 1389 on your workstation as your local end of the tunnel that connects to port 389 on the remote box.
This works with most ssh setups because by default sshd, the ssh service daemon, allows TCP port forwarding. That can be changed by a particularly, well, security-conscious, security admin, but rarely is.