Port 389 (LDAP) — What It Is and How to Use It

Port 389 is the standard port for the Lightweight Directory Access Protocol (LDAP). LDAP is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services. It provides a centralized repository for user authentication and authorization.

Last updated: 2026-03-02

Port Number: 389
Protocol: LDAP

Common Use Cases

  • Centralized user authentication and authorization across multiple applications and systems.
  • Storing and managing user profiles, group memberships, and other directory information.
  • Providing a single point of administration for user accounts and access control.

Check if Port 389 is Open

Linux:
netstat -tulnp | grep :389

Windows (PowerShell):
Get-NetTCPConnection | Where-Object {$_.LocalPort -eq 389}

⚠️ Security Note: Leaving port 389 open without proper security measures can expose sensitive directory information. It is crucial to implement access controls, encryption (LDAPS on port 636 or STARTTLS), and regular security audits to mitigate potential risks.

Frequently Asked Questions

Is port 389 dangerous to leave open?

Leaving port 389 open without proper authentication and encryption (like STARTTLS) can be dangerous. Attackers could potentially query the directory for sensitive information, such as usernames, passwords (if stored insecurely), and other organizational data. Always implement strong security measures.

What service uses port 389?

The primary service using port 389 is the Lightweight Directory Access Protocol (LDAP). This protocol is used by directory services like OpenLDAP, Active Directory (though AD also uses other ports), and other similar directory-based systems.