diff --git a/docs/rolereference.rst b/docs/rolereference.rst index e79608ab5f8d8fb7b9cfd10863127ebab6494529..dabdcf8815c528dde58693ec975c1d11c3c5289c 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -468,7 +468,8 @@ The role implements the following: * Creates user-supplied groups in LDAP. * Configures permissions. * Creates LDAP entries. -* Configures firewall to allow incoming connections to the LDAP server. +* Configures firewall to allow incoming connections to the LDAP server (via both + TCP 389 and 636). * Sets the LDAP server administrator's password. diff --git a/roles/ldap_server/files/ferm_ldap.conf b/roles/ldap_server/files/ferm_ldap.conf index bcbd7625133a841d82202f54aad849eeddf30646..e831f4bd9a91941cbafde64a6e03c0ea3dc42182 100644 --- a/roles/ldap_server/files/ferm_ldap.conf +++ b/roles/ldap_server/files/ferm_ldap.conf @@ -1,5 +1,6 @@ table filter { chain INPUT { proto tcp dport 389 ACCEPT; + proto tcp dport 636 ACCEPT; } } \ No newline at end of file
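Review bot: In the docs/rolereference.rst hunk, the new bullet "(via both TCP 389 and 636)" gives bare port numbers without saying what each one carries. Suggest naming them, for example "TCP 389 (LDAP) and TCP 636 (LDAPS)", so a reader can tell which port is the TLS-wrapped one. Since the matching firewall rules accept from any source address, it would also help to say so here, so an administrator knows to restrict access upstream if the directory should not be reachable from every network.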
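Review bot: In the roles/ldap_server/files/ferm_ldap.conf hunk, the added rule "proto tcp dport 636 ACCEPT;" has no source restriction (no saddr or interface match), so it exposes the second LDAP port to every host that can route to the server, the same as the existing 389 rule. If that is intended, fine, but consider making the allowed sources configurable rather than hard-coding an open ACCEPT in a static file. Two smaller points: the two rules could be collapsed into one line as "proto tcp dport (389 636) ACCEPT;", and the file still ends without a trailing newline, which this change would be a good opportunity to fix. Nothing visible in this diff shows the server being configured to listen on 636, so please confirm that is handled elsewhere in the role; otherwise the port is opened with nothing behind it.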