Question
How can I check which users have been created since a certain date?
Answer
You can use the + option when using univention-ldapsearch to get some meta information about the objects in LDAP, e.g. univention-ldapsearch uid=mary + . Those include e.g. the creatorsName and createTimestamp. Those meta information attributes can also be queried directly:
univention-ldapsearch -LLL '(&(uid=*)(objectClass=inetOrgPerson)(createTimestamp>=20200916070000Z))' uid createTimestamp
This should find all users that were created on 2020-09-16 07:00:00 UTC or later and give you the username (uid) and the actual create timestamp.
Let’s break this down:
-
univention-ldapsearchis the regular CLI tool on UCS to query the OpenLDAP directly -
-LLLwill reduce the meta information in the output and just give you the results -
'(&(uid=*)(objectClass=inetOrgPerson)(createTimestamp>=20200916070000Z))'is the LDAP filter:-
uid=*-> every object that has any value in the attributeuid(uid = username) -
objectClass=inetOrgPerson-> anything that is considered a person or a user. Might include system users such asjoin-backup, though. -
createTimestamp>=20200916070000Z-> every object that has a create timestamp equal to or bigger than 2020-09-16 on 07:00am in UTC. TheZstands for Zulu time, which is the same as GMT/UTC. -
(&(...)(...)(...))-> this is an AND operation for the LDAP filter (indicated by the “&”), so ALL three statements in the inner brackets must be true. -
uid createTimestamp-> this just tells the ldapsearch to return only the attributesuidandcreateTimestamp. If you don’t specify any attribute here, ldapsearch will return the whole object with all attributes.
-