Some for Gerrit and some other tools are managed in LDAP by ops. It will be a big headache / regression to have to doubly manage all membership for Phabricator if we can't sync groups in some way with LDAP. Honestly, it would be great to be able to do now, and the lack of it has been acutely felt.
I found an issue from someone else that outlines essentially our needs.
We should track and encourage this one.