The LdapProvisioner performs a delete then add on several provisioning statuses, specifically CoPersonAdded, CoPersonPetitionProvisioned, CoPersonPipelineProvisioned, CoPersonUnexpired. For Petition/Pipeline updates, this should probably be a modify instead (which will promote to an add if needed), since there are various circumstances where this is problematic.

eg: An account linking flow that does not change memberships will cause a delete-then-add, and while the GrouperProvisioner will pick this up Grouper itself will not detect a change and so will not rewrite LDAP. There may be other similar scenarios.

It's not clear if this should be backported to 1.0.x, since other provisioning related changes may have masked this behavior in prior versions.