The synchronize direction should be one way and fully in-sync.
It depends on which to use as main user management.
If Liferay is acting as the main user management and share to LDAP, it should sync the user data from Liferay to LDAP. (Includes deactive and delete).
If LDAP is acting as the main user management, the disabled LDAP user should be deactivated in portal as well.