On your server, you can try this command :
sudo ss -tulnp | grep 389
It will inform you about the port 389 who can call it, and what manages it.
On my server, I have this :
tcp LISTEN 0 1024 127.0.0.1:389 0.0.0.0:* users:(("slapd",pid=1362,fd=8))
So, slapd is listening on 127.0.0.1:389, so only calls from my own server are listened.
Bad thing is that I have no idea how to change it, but I am pretty sure someone had a really similar problem in the last few weeks.
I think it was this one : Use Yunohost LDAP from server containers - #3 by tituspijean