If a user is no longer present in LDAP

This setting determines what the cron will do if a user in your institution has no matching record in your LDAP server.

Note: This setting only applies to users who have this authentication instance as their authentication method.

Do nothing
No action will be taken. (This is the recommended setting.)
Suspend user's account
The user's account will be suspended. The user will no longer be able to log in, and their content and pages will not be viewable. However, none of their data will be deleted, and the user can be un-suspended by the cron when their LDAP record reappears, or manually by an administrator.
Delete user's account and all content
Use with caution! The user's account will be deleted, along with all their content and pages. The data is fully deleted from the server, so this action requires a server backup to reverse.