
I want to connect to an LDAP server running on a server at ldap.subnet.example.com using Apache Directory Studio.

I am running Apache Directory Studio 2.0.0.v20200411-M15 with java-14-openjdk on Manjaro Linux.

Unfortunately, the LDAP server is only reachable from within the same subnet and I am outside this subnet (my host is mypc.example.org). I however can access the host portal.subnet.example.com via SSH, which is in the same subnet as the LDAP server and can therefore bind to it.

My go-to way of solving this is creating a SOCKS proxy using the following command on mypc.example.org:

ssh -D 8080 [email protected]

I then configure the software to use this SOCKS proxy. This works very well with e.g. Firefox.

However, it does not seem to work with Apache Directory Studio. I have made the following settings in "Window" > "Preferences" > "General" > "Network Connections":

  • Active Provider: Manual
  • Proxy entries:
    • HTTP (nothing specified here, but I can't delete it either)
    • HTTPS (same as above)
    • SOCKS: Host localhost, Port 8080, Provider Manual, Auth No
  • Proxy bypass:
    • localhost, Provider Manual (default settings, I did not modify this)
    • 127.0.0.1, Provider Manual (default settings, I did not modify this)

Still, when I try to connect to the server, "Open Connection: (14%)" appears for a while in the bottom left corner before I get an "Error while opening connection - MSG_04177_CONNECTION_TIMEOUT (5000)".

I have also tried to set the proxy in the ApacheDirectoryStudio.ini, again, without success.

-vmargs
-DsocksProxyHost=localhost
-DsocksProxyPort=8080

This issue might be related – the last comment leaves me with the impression that the Apache LDAP API simply ignores those settings because it is based on Apache MINA, which is configured differently; I however have not found out how. This Stack Overflow question matches the problem described in the issue, but sadly, the solutions are code - I need a configuration solution.

  • Perhaps I am misunderstanding, but you are bypassing the proxy entries on localhost (via Proxy bypass) even though the proxy itself is running on localhost (Proxy entries)? This doesn't seem to make much sense to me. Commented Jan 14, 2021 at 10:22
  • @Anaksunaman The bypass entries were default entries. I just removed them, but the problem persists. I assume they don't mean that proxies running on localhost should be bypassed, but that for LDAP servers running on localhost no proxy should be used (which I suppose is sensible, but shouldn't affect me if I'm correct, because my LDAP server does not run on localhost).
    – TuringTux
    Commented Jan 14, 2021 at 10:39

1 Answer


My way of solving this would be by using SSH tunneling.

Assuming that the standard LDAP port 389 is used:

ssh -L 389:ldap.subnet.example.com:389 [email protected]

This means that, on your host mypc.example.org, all traffic coming through the local port 389 will be sent to the SSH server portal.subnet.example.com, then forwarded to the remote destination ldap.subnet.example.com at port 389 (which the SSH server has access to).

Queries will then use the local address and port: ldap://localhost:389 or ldap://mypc.example.org:389.

No proxy used, and the SSH tunnel is transparent to Apache Directory Studio.

N.B.: Here I suggest the local port 389 (such as in ssh -L 389:) for convenience but you may use any arbitrary available local port number.

  • This is indeed what I actually went with in the end, just never found the time to write a proper answer. Thanks a lot!
    – TuringTux
    Commented May 12, 2022 at 15:56
