Okta Identity Engine | Advanced Server Access | Answered | Asked 2020-08-19, answered 2020-08-19, last updated 2024-04-16

mod6f (mod6f) asked a question.

Okta LDAP interface only returns bind account

I have enabled the LDAP interface in Okta. I am able to connect to it using an LDAP bind account, and I have also been able to configure this LDAP bind account not to require MFA (this will be needed to support various LDAP apps).

Using the LDAP bind account, I can do an LDAP search with ldapsearch using a filter for the LDAP bind account, and those details are returned. However, using a filter for any account other than the bind account returns zero results. A wildcard filter, e.g. uid=*, only returns the LDAP bind account.

I even managed to get LDAP Browser working to connect to Okta, and it also only returns the bind account.

This currently makes the LDAP interface useless. I have not yet tried it, but I suspect that for the same reason, whatever that is, trying to search for LDAP groups or group memberships will similarly fail.

What is going wrong? There are, after all, hardly any LDAP settings to change in Okta.

It is not likely to be critical, but as a related question: is it possible to write to Okta via LDAP? This might be to update Department or other LDAP fields.


  • mod6f (mod6f)

    Solved it myself.

    I could not find it mentioned anywhere, but the LDAP bind user needs to be at minimum a read-only Admin. If it is merely a normal account, then it can only see its own record.
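An added diagnostic, not from the poster or from Okta, that classifies ldapsearch LDIF output to spot the symptom described in this thread: a bind account that is not at least a read-only Admin gets back only its own entry. The org name, bind DN and LDIF text below are constructed sample values.

```python
import re

# Constructed sample (not real Okta output): what ldapsearch printed for the
# filter "(uid=*)" while the bind user was a plain, non-admin Okta user.
BIND_DN = "uid=ldap.svc@example.com,ou=users,dc=example,dc=okta,dc=com"
SAMPLE_LDIF_ONLY_SELF = """\
dn: uid=ldap.svc@example.com,ou=users,dc=example,dc=okta,dc=com
objectClass: inetOrgPerson
uid: ldap.svc@example.com
cn: LDAP Service

# search result
search: 2
result: 0 Success

# numEntries: 1
"""

def parse_ldif_entries(ldif_text):
    """Minimal LDIF reader: one dict per entry (attribute -> list of values).
    Unfolds continuation lines, ignores '#' comments and the 'search:'/
    'result:' trailer block; base64 ('::') values are kept encoded."""
    entries = []
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", ldif_text)):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs.setdefault(name, []).append(value.lstrip(": ").strip())
        if "dn" in attrs:                 # blocks without a dn are not entries
            entries.append(attrs)
    return entries

def _norm_dn(dn):
    # Naive DN normalisation: case-insensitive, ignore spaces after commas.
    return dn.lower().replace(", ", ",")

def diagnose_search_scope(ldif_text, bind_dn):
    """'only_self': every entry is the bind account itself, the symptom of a
    bind user without the read-only Admin role; 'empty': no entries at all
    (check base DN, filter or rights); 'ok': other users are visible."""
    dns = {_norm_dn(e["dn"][0]) for e in parse_ldif_entries(ldif_text)}
    if not dns:
        return "empty"
    return "only_self" if dns == {_norm_dn(bind_dn)} else "ok"

if __name__ == "__main__":
    print(diagnose_search_scope(SAMPLE_LDIF_ONLY_SELF, BIND_DN))
```

Pipe real output in with something like `ldapsearch ... -LLL "(uid=*)" | python3 -c "import sys, ldapcheck; print(ldapcheck.diagnose_search_scope(sys.stdin.read(), 'uid=...'))"` (module name assumed); an `only_self` verdict points at the bind account's admin role rather than at the filter.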

This question is closed.