I wrote:

Assuming the acl call should be there, one simple fix could be to introduce a 'li_wlock' mutex, lock it early on LDAP update operations, and delay locking li_rdwr until the operation is about to update the database.

That does affect scheduling: Incoming read operations bypass pending write operations that are waiting for another write operation. (Since write but not read operations lock li_wlock before li_rdwr.) Looks acceptable to me, back-ldif doesn't exist for max performance.