Sorry for the delayed answer. Seems like it may not be as easy as I thought, after all..
The problem with Jxplorer is this:
javax.naming.CommunicationException: simple bind failed: 192.168.238.175:7636 [Root exception is javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 192.168.238.175 found]
Apparently it comes down to how certificate LDAP server uses inside container is composed, as SANs take precedence over Subject/CN field in it, and the only DNS name defined in SANs field there is "ldap" - what makes sense only inside container.
Frankly, this is mostly client's (Jxplorer) issue, as it just rejects certificate, without giving user a choice. For example, you still can use `ldapsearch` tool to search inside container via your exposed port, if you specify `-X` argument that cancles thorough certificate verification. So if you have some other LDAP GUI browser that allows the same should do the trick.