A security analyst at XYZ Corp is conducting a network assessment and discovers that port 389 is open on a domain controller. Further investigation reveals that the server is accepting unencrypted authentication requests from clients. The analyst warns that attackers could intercept these communications to capture credentials or perform unauthorized directory lookups. Which service is most likely running on port 389?