We use LDAP integration with AEM. How do we query to get all users who haven't logged in for a long time?
You can rely on the rep:lastSynced property stored when a user has it's properties synchronized from the LDAP server.
Opomba:
rep:lastSynced is updated by the DefaultSyncHandler in Oak so this only applies to authentication handlers that utilize it to synchronize the users.
For example, AEM's SAML and LDAP integrations use the DefaultSyncHandler.