maintain-dbusers.py creates and updates database accounts for toolforge tools. It creates them but doesn't currently have a way to remove them.
I see two ways to move forward with disabling:
- maintain-dbusers.py could check ldap for disable settings on a tool and remove creds
- maintain-dbusers.py could compare the set of creds with the set of tools and remove all creds for unfound tools
I prefer the latter but it's a bit riskier.