|
Implements a different mechanism for cleanup task. Instead of just
deleting expired entries, this patch adds a new option
account_cache_expiration for domains. If an entry is expired and the last
login was more days in the past that account_cache_expiration, the entry is
deleted.
Groups are deleted if they are expired and and no user references them
(no user has memberof: attribute pointing at that group).
The parameter account_cache_expiration is not LDAP-specific, so that other
future backends might use the same timeout setting.
Fixes: #391
|