LDAP Sync / Search
I had a question around the LDAP sync. Currently we have parameter 2050 set - Enable Realtime LDAP Search for Access Request User. My thought is that if we have this set,,we do not need to run a resp LDAP sync since its searching real time. Correct? I never understood if you need to sync the LDAP or not.
We are having an issue though... Our AD admin is locking users LDAP accounts before the SAP security team can go into GRC, search the users and submit a terminate / lock request. Since the account is locked, the team cannot search the account in GRC. If I run a night sync job nightly, will it store all the LDAP account locallly in GRC. SO if the account is locked in AD, the team will still be able to seach for it.
If I use the sync do I turn of 2050 or can I have them both set?