Hi,
Some LDAP servers store the user password in the password field (I know, that sounds obvious :) ), so external authorized users (admin/service accounts) could read the password and sync it for example.
The Microsoft AD (MS LDAP server) stores the password with a one-way algorithm, so a password can be validated, but not reverse-decrypted. Due to this (good) decision, any external system can sync all the LDAP objects and their attributes, but not the password.
So IMC UAM can sync the new/existing users and their attributes, but not the password. This is why the AD LDAP sync does not allow the LDAP password sync.
For IMC UAM to authenticate users with their password, the IMC UAM server must be joined to the domain (see domain controller assisted PEAP auth), so it can validate the user password at the moment the user actually logs in.
Best regards, Peter.