According to LDAP Wiki attribute sn (surname) is mandatory in LDAP. Currently though in ERPNext only First Name field can be set to be retrievable from LDAP. Current approach can be understood from the point that only full name (cn) and last name (sn) ar LDAP mandatory and the most sense can be seen in using only the first one instead of both and not rely on optional fields - minimalistic approach. But that on it’s own introduces issues when LDAP is used. I had to do spreadsheet magic (import/export user excel) to split full names that were crammed into first name field into first name and last name. Generally speaking doesn’t help much with automation.
My suggestion is to add Last Name = sn field at least as option.
Same problem addressed here.