User cleanup re-saves disabled users without change every night

[michitux]

Steps to reproduce:

• Configure the user cleanup as documented, configuring it to disable users and not delete them.
• Run the job several times while a user exists that is disabled (or no longer exists) in LDAP.

Expected result:

The user is disabled once and the user document is not saved again.

Actual result:

The user is saved again every time the job runs, adding a history entry every night when it runs on the regular schedule.