I see an inconsistency on how OpenIDM handles the uidAttribute in Ldap Provisioner configuration. If you create a new Ldap Connector via the UI, the uidAttribute will be entryUUID. However, if you take from the samples/provisioner directory, uidAttribute will be set to dn.
To be immutable, the uidAttribute should be set to entryUUID by default.
In OpenIDM 3.1 the file, samples/provisioners/provisioner.openicf-ldap.json, was edited a long time ago and uidAttribute was changed from entryUUID to dn based on this comment:
"Update the sample LDAP configs (disable the paging, use dn instead of entryUUID due to the bug in connector)"
Not sure if that is still and issue or which bug is being referenced.