Configure a LDAP connector and resource, use the LDAPMembershipPropagationActions propagator class, add a LDAP role to a user, then try to remove that role. The role is removed in Syncope but not LDAP; the next sync will add it back in Syncope.
In LDAPMembershipPropagationActions, line 75 (Syncope 1.1.0), there is a conditional on:
ResourceOperation.DELETE != task.getPropagationOperation
So LDAPMembershipPropagationActions refuses to process any delete operations.
Should the operation be DELETE here (vs UPDATE)? If so, LDAPMembershipPropagationActions needs to deal with DELETE appropriately.