is there any possibility to filter all token, which are assigned, but the assigned user cannot be found in the given resolver anymore (without using usercache)?
I want to clean up the token-database, so that orphaned tokens of user, which do not belong to the vpn-ad-group anymore, can be deleted.
The GET /token - API does not allow the needed filters.
You can use the privacyidea-token-janitor tool for this task: $ privacyidea-token-janitor find --orphaned 1
It also allows to delete the found tokens with --action delete.
just tested this tool and I it is awesome.
That was one main issue with the former LinOTP-Software, which resulted in various orphaned tokens. Janitor provides the exact solution(s) I needed.
Thank you very much and thumbs up for privacyIDEA and its tools.