LDAP integration known issues
- Oracle Internet Directory — Oracle Internet Directory (OID) 22.214.171.124.0 has been tested and is supported with the Okta LDAP agent v5.04.01 and later. When Okta searches an LDAP directory, it uses a paged search control to optimize how results are returned to the agent. Due to a pagination issue in the current version of OID (Oracle Bug 25287786), the Okta LDAP agent is unable to query for more objects than the default LDAP page size. While awaiting resolution from Oracle on this issue, customers should evaluate the configuration of the orclsizelimit attribute within their directory to balance scalability, performance, and interoperability. Further details are available in the Oracle Internet Directory Administrator's Guide.
- Incremental Import — Each user, group, and OU or container entry in the LDAP server must have an accurate modifyTimestamp value for incremental import to work. If this is not possible, do not use incremental import.
- LDAP proxy server — When an LDAP proxy server with its own schema is used to connect the Okta LDAP agent to an LDAP server, issues importing user data can occur when the LDAP proxy server schema and the LDAP server schema are different. To avoid data import issues, make sure the LDAP proxy server and LDAP server schemas are identical, or make sure that schema discovery requests sent to the LDAP server are transparent.
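
One way to check the Incremental Import requirement above before relying on it: this added example (not Okta's code) scans an LDIF export for entries whose modifyTimestamp is missing, malformed, or in the future. The sample LDIF, DNs, function names, and the five-minute skew tolerance are constructed for illustration, and it assumes the export requested modifyTimestamp explicitly, since it is an operational attribute.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample LDIF (hypothetical DNs); modifyTimestamp was requested explicitly.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
modifyTimestamp: 20240105101500Z

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson

dn: cn=admins,ou=groups,dc=example,dc=com
modifyTimestamp: 20991231235959Z

dn: ou=people,dc=example,dc=com
modifyTimestamp: 2024-01-05 10:15
"""

def parse_generalized_time(value):
    """Parse UTC generalizedTime (YYYYMMDDHHMMSS[.f]Z); return None if malformed."""
    for fmt in ("%Y%m%d%H%M%SZ", "%Y%m%d%H%M%S.%fZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None

def audit_modify_timestamps(ldif_text, now=None, skew=timedelta(minutes=5)):
    """Map DN -> 'missing' | 'malformed' | 'future' for entries that fail the check."""
    now = now or datetime.now(timezone.utc)
    problems = {}
    for block in ldif_text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            # Simplification: folded lines and base64 ('::') values are not decoded.
            if ": " in line and not line.startswith("#"):
                name, value = line.split(": ", 1)
                attrs.setdefault(name.lower(), value.strip())
        dn, raw = attrs.get("dn"), attrs.get("modifytimestamp")
        if dn is None:
            continue
        if raw is None:
            problems[dn] = "missing"
        elif (ts := parse_generalized_time(raw)) is None:
            problems[dn] = "malformed"
        elif ts > now + skew:
            problems[dn] = "future"
    return problems

if __name__ == "__main__":
    print(audit_modify_timestamps(SAMPLE_LDIF))
```

Any DN the audit reports is an entry for which the accuracy requirement does not hold.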