Internet-Security.com TCP port 389 details

TCP port 389 is used by the LDAP protocol for directory services.
Microsoft Active Directory Domain Services (Windows Server domain controllers) listen on 389 for LDAP queries and binds (unencrypted or via STARTTLS).
OpenLDAP (slapd) on Linux/Unix uses 389 as its default LDAP port.
Red Hat 389 Directory Server and FreeIPA use 389/TCP for LDAP.
Samba Active Directory Domain Controller and macOS Open Directory also provide LDAP on 389.
Enterprise directory products like Oracle Unified Directory/Internet Directory, IBM Security Directory Server (Tivoli), Apache Directory Server (ApacheDS), and ForgeRock/PingDirectory listen on 389.
Many network devices and apps (e.g., Cisco ASA/IOS for AAA, Splunk/Confluence/Jenkins for LDAP auth) connect to LDAP servers on port 389 as clients.
Security note: 389 is frequently targeted for LDAP enumeration, anonymous-bind information disclosure, password spraying, and NTLM relay attacks against Active Directory (mitigate by enforcing LDAP signing/LDAPS).

TCP 389