I have a Java web app on machine (X) that needs to talk to an LDAP server (Y) on :636, but the LDAP server is only accessible on a particular network.
I can login to a machine (Z) on that network from X, and this machine can talk to the LDAP server on :636.
How can I tunnel so that X can access Y:636 via Z?
Thanks,
Bill 
Run this on machine X:
ssh -L 9999:Y:636 username@Z
Once logged in, this should open a port on the machine you run 'ssh' on, so the app running on X can access Y:636 via localhost:9999
If you want the local port to be 636 too, you'll need to run ssh as root, since ports <1024 require privileged access.
Thanks Corona688, that worked!