add (objectClass=member) filter for expired members

ceod/model/LDAPService.py

@@ -236,20 +236,21 @@ class LDAPService:
             raise GroupAlreadyExistsError()
 
     def get_expiring_users(self) -> List[IUser]:
-        query = []
+        clauses = []
 
         term = Term.current()
-        query.append(f'term={term}')
-        query.append(f'nonMemberTerm={term}')
+        clauses.append(f'term={term}')
+        clauses.append(f'nonMemberTerm={term}')
 
         # Include last term too if the new term just started
         dt = ceo_common_utils.get_current_datetime()
         if dt.month == term.start_month():
             last_term = term - 1
-            query.append(f'term={last_term}')
-            query.append(f'nonMemberTerm={last_term}')
+            clauses.append(f'term={last_term}')
+            clauses.append(f'nonMemberTerm={last_term}')
 
-        query = '(!(|(shadowExpire=1)(' + ')('.join(query) + ')))'
+        query = '(!(|(shadowExpire=1)(' + ')('.join(clauses) + ')))'
+        query = '(&' + query + '(objectClass=member))'
 
         conn = self._get_ldap_conn()
         conn.search(