
Socks (ssh tunnel) / Linux


Sonja Benz

May 2, 2010, 11:07:44 AM
Hi,

I did start to work with Linux instead of Windows. Unfortunately, TDI
causes problems when using the LDAP connector. It works fine in a
standard Intra/Internet, but as soon as I use a VPN built on ssh
tunnels and socks it is not able to connect to the LDAP servers.
Does anybody have some advice on the problem?

I got similar problems with JXplorer, a free Java LDAP browser. Maybe
the problem is related to Java?

Sonja

Sonja Benz

May 6, 2010, 12:08:50 PM
Hi,

I found a solution which works to some extent, but is not really
satisfying: One could modify the line in ibmditk to something like

"$JRE_PATH/java" -DsocksProxyHost=127.0.0.1 -DsocksProxyPort=10082 \
    -cp "/opt/IBM/TDI/V6.1.1/jars/3rdparty/IBM/db2jcc_license_c.jar" \
    -Xms16m \
    "-Dlog4j.configuration=file:///opt/IBM/TDI/V6.1.1/etc/ce-log4j.properties" \
    -jar "/opt/IBM/TDI/V6.1.1/IDILoader.jar" com.ibm.di.admin.miadmin "$@"

with -DsocksProxyHost and -DsocksProxyPort being the important
differences. However, this only works if you have only one proxy in
place. In our environment we have different ports for different
intranets. And usually applications are either already socksified or
can be wrapped by tsocks. Is there any elegant solution for Java and
TDI?

Sonja

kolev.kg

May 6, 2010, 3:05:10 PM
Hi Sonja,

Unless the connector explicitly specifies some configuration
parameters that would configure a proxy, I doubt you will find another
approach in TDI to specify different proxies for different
connections.

I am not very familiar with the SOCKS protocol, but I have two basic
questions:

1. Is it possible to have the SOCKS server listen on, let's say, 1080
and still create a connection to the remote machine on port 389? In
other words, does the SOCKS server open a port for each remote system
it hides?
2. Can you chain multiple SOCKS servers together, i.e. have a
proxy tunnel to another proxy in order to connect to the target
system?

If both answers are yes, then I would suggest setting up a local SOCKS
server that will be proxy for the rest of the SOCKS servers.

This way you should be able to keep the authentication configuration
out of TDI's reach - in the local SOCKS server.

Hope This Helps.

Best Regards,
Kaloyan Kolev.
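
Added example, not part of the original thread and not TDI code: the -DsocksProxyHost/-DsocksProxyPort properties apply to the whole JVM, whereas java.net.ProxySelector lets one JVM pick a different local SOCKS listener per destination, which is the "different ports for different intranets" case discussed above. The class name, the host suffixes and port 10083 are constructed for illustration (10082 is the port from the post), and it is an assumption that the selector can be installed in the JVM before the connector opens its sockets.

```java
import java.io.IOException;
import java.net.*;
import java.util.*;

/** Chooses a local SOCKS listener per destination host suffix (illustrative class, not a TDI API). */
public class IntranetSocksSelector extends ProxySelector {
    // Host suffix -> SOCKS proxy on the loopback end of the ssh tunnel for that intranet.
    private final Map<String, Proxy> routes = new LinkedHashMap<>();

    public void addRoute(String hostSuffix, int localSocksPort) {
        routes.put(hostSuffix.toLowerCase(Locale.ROOT),
                new Proxy(Proxy.Type.SOCKS, new InetSocketAddress("127.0.0.1", localSocksPort)));
    }

    @Override
    public List<Proxy> select(URI uri) {
        if (uri == null) throw new IllegalArgumentException("uri must not be null");
        String host = uri.getHost() == null ? "" : uri.getHost().toLowerCase(Locale.ROOT);
        for (Map.Entry<String, Proxy> e : routes.entrySet()) {
            // Match the suffix itself or a dot-separated subdomain, never a bare string tail.
            if (host.equals(e.getKey()) || host.endsWith("." + e.getKey())) {
                return Collections.singletonList(e.getValue());
            }
        }
        // Hosts without a route connect directly, as they would with no proxy properties set.
        return Collections.singletonList(Proxy.NO_PROXY);
    }

    @Override
    public void connectFailed(URI uri, SocketAddress sa, IOException ioe) {
        System.err.println("SOCKS connect failed for " + uri + " via " + sa + ": " + ioe.getMessage());
    }

    public static void main(String[] args) {
        IntranetSocksSelector sel = new IntranetSocksSelector();
        sel.addRoute("intranet-a.example", 10082); // port taken from the post
        sel.addRoute("intranet-b.example", 10083); // constructed second tunnel
        ProxySelector.setDefault(sel);             // plain java.net.Socket connects now consult it
        // Plain sockets are presented to the selector as socket://host:port URIs.
        for (String target : new String[] {"socket://ldap.intranet-a.example:389",
                "socket://ldap.intranet-b.example:389", "socket://notintranet-a.example:389"}) {
            System.out.println(target + " -> " + sel.select(URI.create(target)));
        }
    }
}
```

The third sample host shows why the match is anchored on a dot: a name that merely ends in the same characters is not sent into the tunnel.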
