(for example see T232936).
But nowadays there is not just "a LDAP" server anymore, there are read-only replicas and it has been said that cloud VPSes can use these ro-replicas for testing. For example to get a Gerrit running in cloud VPS to be able to test changes before applying them in prod.
Apparently there is a conflict between the official ToS and what is communicated internally. Let's please clarify that / if it is ok for cloud VPS projects to use ro-LDAP servers and if not which LDAP servers exactly they are allowed to use. (Setting up their own LDAP server has also been discouraged because we want to use centralized settings for LDAP servers.