Report Users with UID >= 1000
I decided to take a more complex approach with this task than would be necessary on a "standard" Linux installation to make the script more robust. It still has some tweaks that would need to be made on a University domain-joined computer (namely, checking the lastlog command and only printing users who have actually logged in, depending on the purpose of the report, since otherwise it would include all accounts, as LDAP providers usually handle authorization independently of user enumeration and authentication). However, for smaller lists of centralized users, or for a system that makes heavy use of ephemeral users managed by systemd, this script will work.
I did this mainly because I use centralized authentication on my personal computers (mainly for synchronization of user IDs for NFS reasons), so I wanted to make sure I didn't provide a script that wouldn't even function on my own computers. It is, admittedly, less valuable to parse getent passwd enumeration when working with a large number of users in the central auth server.
However, what I see as the main purpose of a report like this -- getting a list of people who can log into a server -- would be better accomplished by checking the LDAP settings on said server and doing a manual LDAP search based on those settings. That way, you wouldn't have to filter out all the users that are not allowed to log in (and will be blocked at the authorization stage by the PAM account LDAP module) but can still be resolved.
As for some design decisions I made:
- I use
awkto do the filtering, rather than a shellifstatement, because I'm already using it to format the output. Thecutcommand would work for extracting the fields, but can't format the output in one go likeawkcan.