Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
admin/settings/ldap/ldapprov/test takes $_POST parameters and takes actions based on them. Ideally the $_POST should contain a token as shown in this article about csrf.
I can't think of any way to actually abuse this functionality without already owning the site, so I'm posting this publicly, but it feels worth doing just in case...