If an account is no longer present in LDAP

This setting determines what the cron will do if a person in your institution has no matching record in your LDAP server.

Note: This setting only applies to people who have this authentication instance as their authentication method.

Do nothing
No action will be taken. (This is the recommended setting.)
Suspend account
The account will be suspended. The account holder will no longer be able to log in, and their content and portfolios will not be viewable. However, none of their data will be deleted, and the person can be un-suspended by the cron when their LDAP record reappears, or manually by an administrator.
Delete account and all content
Use with caution! The account will be deleted along with all the content and portfolios held within it. The data is fully deleted from the server. If anything from this account is still needed, a full backup of the instance is needed to retrieve the account.