LDAP integration known limitations
The following table lists the known limitations with Okta (Lightweight Directory Access Protocol) LDAP integrations.
| Feature | Comments |
|---|---|
| Supported Directories | The Okta LDAP Agent supports most LDAPv3 servers that are compliant with RFC 4510 and has been tested with the following: |
| Scenarios |
Notable features not supported by the LDAP Agent:
The Okta LDAP Agent isn't recommended for large LDAP migrations. |
| Operations | The following operations are supported on all LDAP directories:
The following operations are only supported on specific directories:
|
| Schema |
|
| Group imports | Okta limits the total number of bytes that can be sent from an Active Directory (AD) or LDAP agent to the Okta server in a single request to 20,971,520 bytes (20 megabytes). To avoid exceeding Okta size limitations during data import, result sets containing multiple group objects are split into separately sized units and each unit is sent in a separate request. A single group that exceeds the defined size limitation is still sent to Okta. But a standard HTTP 413 (Payload Too Large) error might be returned if the size exceeds 250,000 bytes (0.25 megabyte). The length of the group distinguishedName (dn), the length of the user dn within the group, and the group membership size all contribute to the total bytes sent to Okta. If you receive an HTTP 413 (Payload Too Large) error, Okta recommends splitting direct group membership into nested group membership or subgroups. This helps to avoid the size limitation and allows the data to be sent in a single request. |