Use LDAP instead of NSS for authz lookup
Use LDAP instead of NSS (i.e. the grp/pwd packages in Python) when looking up a user for authorization purposes, to avoid data staleness issues.
This will require some changes to the unit tests, many of which depend on the ctdalek user which is not present in the test LDAP tree.
Deleting a branch is permanent. It CANNOT be undone. Continue?