Scan for users without groups

To keep better control over users who logged in for the first time via LDAP and were not mapped to the default group, we use a small SQL / bash script that informs the webmaster about them:

vim /opt/teedy-unmapped-users.sh
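#!/bin/bash
# Find active Teedy users that are not yet a member of a regular group, add
# each of them to the group 'Aktivmitglieder' through the Teedy REST API and
# mail a notification to the webmaster and to the user.
#
# Meant to be run from cron: anything written to stderr triggers cron's error
# mail. NOTE(review): the original header comment spoke of users "created the
# last 10 minutes", but the query has no time filter -- presumably the cron
# interval provides that window; confirm.
#
# The script reads a live session token from the database and sends it to the
# API, so keep this file (and the DB credentials it relies on) readable only
# by the account that runs it.
set -uo pipefail

DB_USER="db_user"
DB_NAME="db_name"
# Public URL would be "https://dms.domain.org"; the API is called locally.
BASE_URL="http://localhost:8080/dms"
TEEDY_USER="ujoZzkKw2g"
TARGET_GROUP="Aktivmitglieder"
MAIL_SUBJECT="dms.domain.org | Dein Account wurde freigeschalten"
WEBMASTER="webmaster@domain.org"
# Conservative shape check for addresses handed to mail(1) as an argument.
EMAIL_RE='^[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9][A-Za-z0-9.-]*$'

# The SQL is fed on stdin from a quoted here-document so that the double
# quotes inside it cannot end a shell string. ON_ERROR_STOP makes psql return
# a non-zero status on SQL errors when reading from stdin.
#
# NOTE(review): the username exclusion ('admin', ...) sits in the second
# SELECT, i.e. in the set that is subtracted. Those accounts are therefore
# never subtracted and stay in the result -- confirm this is intended, or move
# the exclusion into the first SELECT.
if ! OUT=$(
  psql -t --no-align -v ON_ERROR_STOP=1 -U "$DB_USER" -d "$DB_NAME" <<'SQL'
SELECT DISTINCT
    use_username_c,
    use_email_c
FROM t_user AS U
WHERE
    U.use_deletedate_d IS NULL AND
    U.use_disabledate_d IS NULL AND
    U.use_username_c NOT IN ('guest')

EXCEPT

SELECT DISTINCT
    use_username_c,
    use_email_c
     --count(use_id_c) AS "Gruppenanzahl"
FROM t_user AS U
JOIN t_user_group AS UG ON UG.ugp_iduser_c = U.use_id_c
JOIN t_group AS G ON G.grp_id_c = UG.ugp_idgroup_c
WHERE
    U.use_deletedate_d IS NULL AND
    U.use_disabledate_d IS NULL AND
    UG.ugp_deletedate_d IS NULL AND
    G.grp_deletedate_d IS NULL AND
    G.grp_name_c NOT IN ('Administratoren', 'Group2', 'Editors', 'Viewers') AND
    U.use_username_c NOT IN ('admin', 'anotherUser', 'anotherUser2')
GROUP BY use_email_c, use_username_c, use_id_c
;
SQL
); then
  # A failed query must not look like "nothing to do".
  echo "Query for unmapped users failed." >&2
  exit 1
fi

if [[ -z "$OUT" ]]; then
  echo "No users to map to groups ..."
  exit 0
fi

# Reuse an existing session of the automation user. The username is passed as
# a psql variable and quoted by psql (:'name') instead of being pasted into
# the SQL text.
if ! AUTH_TOKEN=$(
  psql -t --no-align -v ON_ERROR_STOP=1 -v teedy_user="$TEEDY_USER" \
    -U "$DB_USER" -d "$DB_NAME" <<'SQL'
SELECT aut_id_c
FROM t_authentication_token AS A
JOIN t_user AS U ON U.use_id_c = A.aut_iduser_c
WHERE use_username_c = :'teedy_user'
  AND aut_lastconnectiondate_d IS NOT NULL
LIMIT 1;
SQL
); then
  echo "Query for the authentication token failed." >&2
  exit 1
fi

if [[ -z "$AUTH_TOKEN" ]]; then
  # print to stderr to trigger cron.d mail on error
  echo "NO AUTHTOKEN. Please create a session for the user first to automate things!" >&2
  exit 1
fi

rc=0
# One result row per line, "username|email". The rows arrive on fd 3 so that
# stdin stays free for the pipes feeding curl and mail inside the loop.
while IFS='|' read -r -u 3 username email; do
  [[ -n "$username" ]] || continue
  printf '%s\n' "$username" "$email"
  msg="Mapping $username to '$TARGET_GROUP'"

  # The session cookie is handed to curl on stdin (-H @-) so it does not show
  # up in the process list. TLS verification is left enabled (the original
  # passed -k); if BASE_URL is switched to an https URL with a private CA,
  # point curl at that CA with --cacert instead of disabling verification.
  if ! response=$(
    printf 'Cookie: auth_token=%s\n' "$AUTH_TOKEN" \
      | curl --silent --show-error --fail -X PUT -H @- \
          --data-urlencode "username=$username" \
          "$BASE_URL/api/group/$TARGET_GROUP"
  ); then
    # Do not announce an activation that did not happen.
    printf 'Mapping %s to %s failed.\n' "$username" "$TARGET_GROUP" >&2
    rc=1
    continue
  fi
  printf '%s\n' "$response" | jq . || true # pretty-printing is best effort
  printf '%s\n' "$msg"

  printf ' %s' "$msg" | mail -s "$MAIL_SUBJECT" "$WEBMASTER" #copy

  # The address comes from the directory / database and becomes a command-line
  # argument of mail(1); only plain addresses are passed on.
  if [[ "$email" =~ $EMAIL_RE ]]; then
    printf ' %s' "$msg" | mail -s "$MAIL_SUBJECT" "$email"
  else
    printf 'No mail sent to %s: stored address is not a plain e-mail address.\n' \
      "$username" >&2
    rc=1
  fi
done 3<<< "$OUT"

exit "$rc"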


Version #2
Erstellt: 2025-05-15 10:05:04 CEST von Mario Voigt
Zuletzt aktualisiert: 2026-03-10 18:01:14 CET von Mario Voigt