What make you think that access is blocked from outside if, on the other hand, you have checked that at FW level ports are open ?
In order to check whenever access works, from network standpoint, then try to:
- access anonymously (if not already done)
- access only RootDSE
This will tell you whenever access works from protocol standpoint.
Then there is another aspect that is to authenticate successfully. I don't have any such LDAP server to check but as far as I remember, basic authentication will not work. You have to set up SASL authentication or GSSAPI (this should be visible looking at RootDSE)
What is your LDAP client?