I think the current implementation of our LDAP service is mostly for internal usage.
However, the server uses a public IPv4 (like `seaborgium.wikimedia.org`) and an acme-chief/Let's Encrypt certificate.
In some situations these specs can cause conflicts or weird situations. For example, the OpenStack codfw1dev deployment has an LDAP that doesn't even have any associated wikimedia.org address / server, and the mandatory dependency on LE integration (via Puppet) makes even less sense (see T339905: codfw1dev: LDAP setup needs a refresh so TLS works).
This ticket is to review whether this is desirable, which may also have implications for things like T317183: Move ldap-replicas to private IPs.