Known issues for provisioning through an LDAP gateway
The following are known issues or limitations with provisioning through an LDAP gateway.
-
PingOne does not support concurrency for LDAP inbound provisioning using the same gateway connection, even with different User Base DNs.
-
For bi-directional LDAP sync, ensure that the attribute mappings on both rules are identical.
PingOne does not maintain directory hierarchy on outbound to be the same as inbound.
-
In the expression builder, you can use only LDAP attributes that are part of the default attribute list. As a workaround, you can use the ADD feature to map the needed attribute and use it in the expression.
-
The LDAP filter currently does lexicographical comparison for numeric values.
-
In Active Directory, deleting an OU that contains users might not deprovision users in PingOne.
-
PingOne does not support
moddn
operations. -
PingOne does not support updating the
uid
attribute value.