Ticket #111 (assigned Defect)

Opened 4 years ago

Last modified 10 months ago

On-demand de-provisioning.

Reported by: wsanchez@…
Owned by: wsanchez@…
Priority: 1: Blocker
Milestone: CalendarServer-3.x
Component: Calendar Server
Severity: Security
Keywords:
Cc:

Description (last modified by wsanchez@…)

Principal and calendar home resources need to be de-provisioned somehow. See #25 for how I expect it to work, based on the directory service.

What's presently missing is handling the case where a disabled user is re-enabled with a new GUID (meaning it's a new user with the same short name). Right now, the new user sees the old user's data.

Moving to 2.x for the rest.
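
The short-name reuse case described in this ticket, as an added example that is not CalendarServer code: a toy home store that binds each home to its owner's GUID and sets the old home aside when the same short name arrives with a different GUID. `DirectoryRecord`, `Home`, `HomeStore`, `provision` and the sample GUIDs are hypothetical names and values constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class DirectoryRecord:
    """Hypothetical directory entry: short names can be recycled, GUIDs cannot."""
    short_name: str
    guid: str
    enabled: bool = True


@dataclass
class Home:
    owner_guid: str
    resources: dict = field(default_factory=dict)


class HomeStore:
    """Toy calendar-home store addressed by short name, bound to a GUID."""

    def __init__(self):
        self.homes = {}        # short_name -> Home
        self.quarantine = []   # (short_name, Home) pairs awaiting admin review

    def provision(self, record):
        """Return the home for `record`, never one owned by another GUID."""
        if not record.enabled:
            raise PermissionError(f"{record.short_name} is disabled")
        home = self.homes.get(record.short_name)
        if home is not None and home.owner_guid != record.guid:
            # Short name was re-assigned: set the old home aside instead of
            # handing it to the new principal. Nothing is deleted, so an
            # admin can still review or restore it.
            self.quarantine.append((record.short_name, home))
            home = None
        if home is None:
            home = self.homes[record.short_name] = Home(owner_guid=record.guid)
        return home


def demo():
    store = HomeStore()
    old = DirectoryRecord("jdoe", "GUID-OLD-0001")   # constructed sample values
    new = DirectoryRecord("jdoe", "GUID-NEW-0002")   # same short name, new GUID
    store.provision(old).resources["meeting.ics"] = "BEGIN:VCALENDAR..."
    fresh = store.provision(new)
    return store, fresh
```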

Change History

Changed 4 years ago by wsanchez@…

  • milestone changed from Preview 1 to Later

Changed 4 years ago by wsanchez@…

  • status changed from new to assigned
  • milestone changed from Later to Version One

Changed 3 years ago by wsanchez@…

  • milestone changed from 1.0 to 1.1

Ticket #159 fixed part of this, which is that recycled usernames no longer get the old user's ACL access, which is tough for an admin to clean up (requires scanning all ACLs in all resources). Now an admin still needs to remove the home collection before re-assigning a short name, which is more manageable.

Still need to fix this, but moving to 1.1.

Changed 3 years ago by wsanchez@…

  • milestone changed from 1.1 to 1.2

Changed 2 years ago by wsanchez@…

  • description modified
  • milestone changed from 1.2 to 2.x

More fixes via #231.

I think the only remaining item is to decide what should happen to meetings involving dead accounts.

If a dead account is an attendee, it may be OK to leave things be. If, however, a dead account is an organizer, that's a problem, since attendees need to know that the meeting organizer is gone (which implies that the meeting should go away), and particularly because resources/rooms/etc. could remain booked when they should be freed up.

We may need a more explicit deletion step for that, since it would modify data irreversibly. The current de-provisioning can be undone by re-adding the account, but this would actually cancel meetings.

Perhaps a caladmin tool to list and/or remove de-provisioned accounts.

Changed 10 months ago by wsanchez@…

  • milestone changed from CalendarServer-2.x to CalendarServer-3.x