VCFA tenant Identity Provider: LDAP mode "System" does not inherit VCF-SSO IdP from the provider

Article ID: 436448

Products

VCF Automation

Issue/Introduction

In the tenant organization, under Administer > Identity Providers > LDAP, the LDAP Mode is set to System.

However, when searching for users in Access Control, there are no results.

Environment

VCF Automation 9.x

Cause

This is working as designed:

The LDAP "System" setting imports the configuration from the LDAP section of the provider. This is how providers present an LDAP directory for use in tenants, which can therefore be different from the provider's VCF SSO.

Resolution

To inherit the provider LDAP configuration in the tenants, you must configure LDAP in the provider's "LDAP" tab, rather than in the OIDC / VCF-SSO tab.

If you would like to use VCF-SSO in tenant organizations, then you can set this up as an OIDC connection inside the tenants and allow access.

For more information, see TechDocs: VCF Automation Identity and Access Management Design