Automatically expire LDAP users for clubs #110
The LDAP user entries for clubs (which do not have corresponding Kerberos principals) should have
shadowExpire=1 set when they no longer have any active club reps. This way, PAM will prevent their cron jobs from running. Resources such as cloud VMs and vhost configs (on caffeine) should automatically get removed/disabled, and an notification email should get sent. A warning email should be sent at least one week in advance.
We will need to add a new API endpoint, e.g.
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?