Slapd Security based on port

Is it possible to prevent anonymous and unauthenticated binds to ldaps:// 636 but allow them on ldap:// 389? I want to allow staff to query my ldaps:// outside of my network while requiring them to login to do so but allow anyone to bind (anonymous, unauthenticated, or authenticated) internally on ldaps//: 389. I know: Anonymous bind can be disabled by "disallow bind_anon" and Unauthenticated bind mechanism is disabled by default. But if I use "disallow bind_anon it stops in on both ports. I want to stop it just on ldaps://. Chris Jackson