instead of dropping ACLs and group membership for missing users,
simply warn and leave it in the config
for users that get removed via the api this happens explicitely
this is to prevent that a 'faulty' ldapsync removes users temporarily
and with it all acls that the admin created
we still have a 'purge' flag for the sync where ACLs get removed
explicitly for users removed from ldap
also adapt the tests
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
we do the same for missing users, groups and tokens, and just like
groups, roles with an empty privilege set are explicitly allowed so
pre-generating placeholders is possible.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>