There isn't a sync required, as you're directly connecting your CA-RA instance with your LDAP.
What you need to do, though, is set permissions for the users/groups. Everyone in the LDAP can log on, but they won't see any application as long as they don't have permissions for them.
But if you're, for example, using an AD group to handle permissions for an application and later on a new user is added to this AD group, it will work immediately.