We're operating an LDAP mirror of the corp LDAP server operated by Office IT. The primary use case of that mirror is to allow the mail servers to identify users of wikimedia.org accounts.
In the current replica, users disabled by Office IT are not distinguishable from standard users (which is fine for the mail server use case).
It would, however, be nice to also allow queries on the account status from production networks, e.g. for cross-checking accounts disabled in production against their status in Office IT LDAP. Possible approaches would be a custom attribute, researching the existing account flags or modifying the replication.