Is it generally acceptable to expose LDAP in read-only mode to the Internet?
Solution 1:
It depends completely on what's in the LDAP directory.
For Active Directory, absolutely not, even for an RODC - the security profile of these devices is designed for being inside your network (the RODC specifically is hardened against physical compromise, so you can keep it in a closet - a physical compromise of a normal DC would give an attacker control of the domain and all users' password hashes).
An attacker could gain a mountain of information from AD - usernames to try to authenticate with, system names, some amount of network topology... if not enough to attack with directly (password attacks against a different public endpoint, like VPN?), certainly enough to put together a solid social engineering or spear phishing attack.
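To see how much a read-only bind would hand out, a directory owner can export what that bind returns and sort it into the three categories named above. This is an added example, not part of the original answer; the LDIF sample is constructed and the function names `parse_ldif` and `exposure_report` are illustrative.

```python
import base64
from collections import defaultdict

# Constructed sample of an LDIF export from an AD-style directory; all names are invented.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=corp,DC=example
objectClass: user
sAMAccountName: aexample

dn: CN=FS01,OU=Servers,DC=corp,DC=example
objectClass: user
objectClass: computer
sAMAccountName: FS01$
dNSHostName: fs01.corp.example

dn: CN=10.20.0.0/16,CN=Subnets,CN=Sites,CN=Configuration,DC=corp,DC=example
objectClass: subnet
cn:: MTAuMjAuMC4wLzE2
"""

def parse_ldif(text):
    """Yield one dict of attribute -> [values] per LDIF record."""
    unfolded = text.replace("\n ", "")  # folded lines continue with a leading space
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry[attr.lower()].append(value.strip())
        if entry:
            yield entry

def exposure_report(text):
    """Sort entries into usernames, system names and topology hints."""
    report = {"usernames": [], "system_names": [], "topology": []}
    for e in parse_ldif(text):
        classes = {c.lower() for c in e["objectclass"]}
        if "computer" in classes:  # AD computer objects also carry objectClass user
            report["system_names"] += e["dnshostname"] or e["samaccountname"]
        elif "user" in classes:
            report["usernames"] += e["samaccountname"]
        elif classes & {"subnet", "site"}:
            report["topology"] += e["cn"]
    return report

if __name__ == "__main__":
    print(exposure_report(SAMPLE_LDIF))
```

Every non-empty list in the report is data that would be readable from the Internet if that bind were exposed.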
Solution 2:
No, it would not be generally acceptable. Not sure what you are trying to achieve, but I would say the correct way is to first establish a VPN connection and then connect to LDAP.