How-to: Delete old nextcloud users

When users are removed from LDAP, they are commonly not deleted from Nextcloud right away. This keeps the restore process smooth and easy in case a user has been deleted accidentally. It also means that users have to be removed manually on the Nextcloud side if license restrictions or storage limitations are causing issues.

This is not possible through the Nextcloud UI, because the user:list call seemingly returns only users that are also available in the backing directory service, whereas user:info etc. do return the removed users.

Environment

  • UCS 5 with nextcloud hub installed from the appcenter
  • Small or medium sized environments (for larger infrastructures with ~1000+ users a dedicated listener module or similar makes more sense due to shell limitations of 256KB)

Process

Step 1: Get a list of the accounts currently available in LDAP:

existing_users=$(udm users/user list | awk -F ':' '/^\s*username:/ {print $2}' | xargs | tr ' ' '|')

Step 2: Get a list of the current users in the Nextcloud database, write the users that are missing from LDAP to a file and manually compare it with the expected values as a safety measure:

# The parentheses anchor every alternative, so only exact username matches count as existing.
sudo -u postgres psql nextcloud -c "SELECT uid from oc_accounts" -t 2>/dev/null | xargs -L1 | while read -r line; do echo "$line" | grep -qE "^(${existing_users})$" || echo "$line"; done | tee ~/nc_users_to_delete.txt

Step 3: Delete the users in the previously generated list (after verifying it):

cat ~/nc_users_to_delete.txt | while read -r line; do echo "$line"; univention-app shell -u www-data nextcloud /var/www/html/occ user:delete "$line" ; done
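
A stricter form of the comparison in steps 1 and 2, as an added example that is not part of the original how-to: it matches uids as literal whole lines and aborts when the LDAP list is empty, so a failed udm call cannot flag every account for deletion. The function name nc_orphans, the file-based interface (one name per line, e.g. the udm/awk output and the psql output saved to files) and the sample names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example; nc_orphans is a hypothetical helper name.
# $1: file with LDAP usernames, $2: file with Nextcloud uids (one per line).
# Prints every uid from $2 that has no exact match in $1.
nc_orphans() {
    # Trim surrounding whitespace and drop blank lines.
    trim='s/^[[:space:]]*//;s/[[:space:]]*$//;/^$/d'
    ldap_clean=$(mktemp) || return 2
    sed -e "$trim" "$1" > "$ldap_clean"

    # An empty LDAP list (udm failed, wrong host) would mark every
    # Nextcloud account as deletable, so stop here instead.
    if [ ! -s "$ldap_clean" ]; then
        echo "LDAP user list is empty, refusing to continue" >&2
        rm -f "$ldap_clean"
        return 2
    fi

    # -F: names are literal strings (a dot is not a wildcard)
    # -x: the whole line must match, not a substring
    # -v: keep only the uids without a match
    rc=0
    sed -e "$trim" "$2" | grep -Fxv -f "$ldap_clean" || rc=$?
    rm -f "$ldap_clean"

    # grep exits 1 when no uid is left over; that is not an error here.
    [ "$rc" -le 1 ]
}

# Constructed sample data (not from a real system).
demo_dir=$(mktemp -d)
printf ' anna\n bob\n c.meier\n' > "$demo_dir/ldap.txt"
printf 'anna\nbobby\nbob\ncxmeier\ndave\n' > "$demo_dir/nc.txt"
# "bobby" contains "bob" and "cxmeier" resembles "c.meier",
# but neither is an LDAP account, so both are reported with "dave".
nc_orphans "$demo_dir/ldap.txt" "$demo_dir/nc.txt"
rm -rf "$demo_dir"
```

The output is meant to be reviewed by hand before it is used as the deletion list in step 3.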