Yeah, we never operated directly on the LDIF anyway. We had an Ansible config that created, so we added a new server and it'd go in LDAP, and LDAP would feed the internal DNS and our (pre-Kubernetes) orchestration system.
While I agree about the query language, the only custom bits above required 2-3 ready-baked queries we had to figure out once. If you need complex queries, I absolutely wouldn't use LDAP, but for that use, that was not a consideration.
This sounds like a wonderful system. It's sad that Kubernetes is to tech like Facebook was to web forums. It killed all crafted and tailored systems in favor of a big bowl of badly written integration spaghetti. (And I'm allowed to say that because I do such things for money.)