LDAP and the Internet

Okay, so what I’m wondering is how big of a security risk it is to expose LDAPS to the internet.

I feel it could easily be brute forced, but someone would have to know the bind DN. For most setups it generally represents the FQDN, so finding the bind DN is easy.

The layout is also the same for most directories (users are uid=blah,ou=People or ou=User,dc=FQDN,dc=tld).

Does anyone do this or have any thoughts? I’m thinking of doing it to be able to use one login if I’m away with a laptop, or exposing it so I have my email contacts remotely.
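
One way to watch for the brute-force concern raised in the question, as an added example that is not part of the original post: it tallies failed simple binds (err=49) per source IP from slapd-style log lines. It assumes OpenLDAP's stats-level log format; the log lines, function names and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenLDAP slapd "stats" log style (assumed server).
SAMPLE_LOG = """\
conn=1001 fd=12 ACCEPT from IP=203.0.113.5:51234 (IP=0.0.0.0:636)
conn=1001 op=0 BIND dn="uid=alice,ou=People,dc=example,dc=com" method=128
conn=1001 op=0 RESULT tag=97 err=49 text=
conn=1001 op=1 BIND dn="uid=bob,ou=People,dc=example,dc=com" method=128
conn=1001 op=1 RESULT tag=97 err=49 text=
conn=1002 fd=13 ACCEPT from IP=198.51.100.7:40022 (IP=0.0.0.0:636)
conn=1002 op=0 BIND dn="uid=carol,ou=People,dc=example,dc=com" method=128
conn=1002 op=0 RESULT tag=97 err=49 text=
conn=1002 op=1 BIND dn="uid=carol,ou=People,dc=example,dc=com" method=128
conn=1002 op=1 RESULT tag=97 err=0 text=
conn=1003 fd=12 ACCEPT from IP=203.0.113.5:51301 (IP=0.0.0.0:636)
conn=1003 op=0 BIND dn="uid=alice,ou=People,dc=example,dc=com" method=128
conn=1003 op=0 RESULT tag=97 err=49 text=
conn=1003 op=1 BIND dn="cn=admin,dc=example,dc=com" method=128
conn=1003 op=1 RESULT tag=97 err=49 text=
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\[[^\]]+\]|[^:\s]+):\d+")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=128')  # 128 = simple bind
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")  # tag 97 = bind response

def failed_binds(log_text):
    """Map source IP -> {"failures": count, "dns": DNs tried} for err=49 binds."""
    conn_ip, pending = {}, {}
    stats = defaultdict(lambda: {"failures": 0, "dns": set()})
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            conn_ip[m[1]] = m[2]                  # connection id -> client IP
        elif m := BIND.search(line):
            pending[(m[1], m[2])] = m[3]          # remember DN until its RESULT
        elif m := RESULT.search(line):
            dn = pending.pop((m[1], m[2]), None)
            if m[3] == "49" and dn is not None:   # 49 = invalidCredentials
                entry = stats[conn_ip.get(m[1], "unknown")]
                entry["failures"] += 1
                entry["dns"].add(dn)
    return dict(stats)

def suspects(log_text, min_failures=3):
    """Sources at or above the (hypothetical) failure threshold, worst first."""
    rows = [(ip, s["failures"], len(s["dns"]))
            for ip, s in failed_binds(log_text).items() if s["failures"] >= min_failures]
    return sorted(rows, key=lambda r: -r[1])
```

Calling `suspects(SAMPLE_LOG)` flags the source that failed against several different DNs, while the client that mistyped once and then bound successfully stays below the threshold.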