To open the LDAP server's TCP ports 389 and 636 in the iptables
firewall, you can use the following commands:
iptables -A INPUT -p tcp --dport 389 -j ACCEPT
iptables -A INPUT -p tcp --dport 636 -j ACCEPT
These commands append rules that accept incoming TCP connections to port 389 (LDAP) and port 636 (LDAPS). Open only the ports you actually need to expose to the network; if clients use LDAPS exclusively, there is no reason to open 389.
It is also a good idea to limit access to the LDAP ports to specific IP addresses or subnets if possible. This can be done by specifying the source IP address or subnet in the iptables rule, like this:
iptables -A INPUT -p tcp --dport 389 -s 10.0.0.0/24 -j ACCEPT
This will allow incoming connections to port 389 only from IP addresses in the 10.0.0.0/24 subnet.
Remember to save your firewall rules after making any changes, so that they are applied again on boot. The iptables-save command prints the current rules to standard output; redirect that output to a file and have it loaded at boot with iptables-restore (most distributions ship a helper for this, such as the iptables-persistent package on Debian-based systems).
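The following is an added example, not part of the original answer. It puts the three steps above together: one function emits a complete, subnet-restricted ruleset in the format iptables-restore reads, and a second function audits an existing iptables-save dump for LDAP rules that accept connections from any source. The function names, the default-DROP INPUT policy, and the sample dump are assumptions and constructed data; the subnet 10.0.0.0/24 is the one used in the answer.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not from the original answer).
# Builds an iptables-restore ruleset that exposes LDAP (389) and LDAPS (636)
# only to one subnet, and checks a rule dump for LDAP rules open to any source.

# Emit a complete filter-table ruleset for iptables-restore.
# $1: subnet allowed to reach the LDAP ports, e.g. 10.0.0.0/24
# Assumptions: INPUT defaults to DROP, loopback and established traffic
# are allowed, and only NEW connections from the subnet reach 389/636.
ldap_ruleset() {
    subnet="$1"
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A INPUT -p tcp --dport 389 -s $subnet -m conntrack --ctstate NEW -j ACCEPT" \
        "-A INPUT -p tcp --dport 636 -s $subnet -m conntrack --ctstate NEW -j ACCEPT" \
        'COMMIT'
}

# Read an iptables-save dump on stdin and print how many INPUT ACCEPT rules
# for port 389 or 636 carry no source (-s / --source) restriction.
ldap_open_to_any() {
    grep -E -- '^-A INPUT .*--dport (389|636)( |$).*-j ACCEPT' \
        | grep -v -e ' -s ' -e ' --source ' \
        | wc -l | tr -d ' '
}

# Constructed sample dump: the first rule is open to the world, the second
# is restricted to the subnet. Only the first should be reported.
SAMPLE_DUMP='*filter
-A INPUT -p tcp --dport 389 -j ACCEPT
-A INPUT -p tcp --dport 636 -s 10.0.0.0/24 -j ACCEPT
COMMIT'

# Usage (run as root on the LDAP host):
#   ldap_ruleset 10.0.0.0/24 | iptables-restore
#   iptables-save | ldap_open_to_any      # 0 means no world-open LDAP rules
# Offline demonstration on the constructed dump:
printf '%s\n' "$SAMPLE_DUMP" | ldap_open_to_any
```

Because iptables-restore loads the whole table atomically, generating the ruleset this way avoids the window in which a half-applied set of -A commands leaves the port open to everyone; the audit function is a quick check to run against `iptables-save` output after any change.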