LDAP integration known issues

  • Oracle Internet Directory — Oracle Internet Directory (OID) 11.1.1.7.0 has been tested and is supported with the Okta LDAP agent v5.04.01 and later. When Okta searches an LDAP directory, it uses a paged search control to optimize how results are returned to the agent. Because of a pagination issue in the current version of OID (Oracle Bug 25287786), there is a known problem where the Okta LDAP agent is unable to query for more objects than the default LDAP page size. While awaiting resolution from Oracle on this issue, customers should evaluate the configuration of the orclsizelimit attribute within their directory to balance scalability, performance, and interoperability. Further details are available in the Oracle Internet Directory Administrators Guide.
  • Incremental Import — Each user, group, and OU or container entry in the LDAP server must have an accurate modifyTimestamp value for incremental import to work. If this is not possible, do not use incremental import.
  • LDAP proxy server — When an LDAP proxy server with its own schema is used to connect the Okta LDAP agent to an LDAP server, issues importing user data can occur when the LDAP proxy server schema and the LDAP server schema are different. To avoid data import issues, make sure the LDAP proxy server and LDAP server schemas are identical, or make sure that schema discovery requests sent to the LDAP server are transparent.
  • SUSE Linux Enterprise Server — The Okta LDAP agent is not supported on SUSE Linux Enterprise Server.
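
For the Incremental Import item above, one way to audit a directory before enabling incremental import (an added example, not Okta's code): it scans an LDIF export for entries whose modifyTimestamp is missing, malformed, or in the future. The sample LDIF, the function name, and the choice of these three checks as a reading of "accurate" are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like an LDIF export in which modifyTimestamp
# (an operational attribute) was explicitly requested.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
modifyTimestamp: 20240305101500Z

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson

dn: cn=admins,ou=groups,dc=example,dc=com
modifyTimestamp: 20990101000000Z

dn: ou=people,dc=example,dc=com
modifyTimestamp: 2024-03-05 10:15
"""

# Common UTC GeneralizedTime form: YYYYMMDDHHMMSS[.fraction]Z
GENERALIZED_TIME = re.compile(r"^(\d{14})(?:\.\d+)?Z$")

def audit_modify_timestamps(ldif, now, skew=timedelta(minutes=5)):
    """Return {dn: problem} for entries that would undermine incremental import."""
    problems = {}
    for block in re.split(r"\n\s*\n", ldif.strip()):
        attrs = {}
        for line in block.splitlines():
            # Skip comments and folded continuation lines (they start with a space).
            if line.startswith(("#", " ")) or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            attrs.setdefault(key.rstrip(":").lower(), value.strip())
        dn, stamp = attrs.get("dn"), attrs.get("modifytimestamp")
        if dn is None:
            continue  # e.g. the "version: 1" header block
        match = GENERALIZED_TIME.match(stamp) if stamp else None
        if stamp is None:
            problems[dn] = "missing"
        elif match is None:
            problems[dn] = "malformed"
        else:
            try:
                when = datetime.strptime(match.group(1), "%Y%m%d%H%M%S")
            except ValueError:  # 14 digits, but not a real date
                problems[dn] = "malformed"
                continue
            if when.replace(tzinfo=timezone.utc) > now + skew:
                problems[dn] = "future"  # later than now plus the allowed skew
    return problems

if __name__ == "__main__":
    print(audit_modify_timestamps(SAMPLE_LDIF, datetime.now(timezone.utc)))
```

An empty result means every exported entry passed the three checks; it does not prove that the server updates modifyTimestamp on every change.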