From 6e96e409be510450840e4a80f17125a563610526 Mon Sep 17 00:00:00 2001
From: Max Erenberg <>
Date: Sat, 25 Dec 2021 11:23:06 -0500
Subject: [PATCH] add (objectClass=member) filter for expired members

---
 ceod/model/LDAPService.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/ceod/model/LDAPService.py b/ceod/model/LDAPService.py
index 272333b..496ca49 100644
--- a/ceod/model/LDAPService.py
+++ b/ceod/model/LDAPService.py
@@ -236,20 +236,21 @@ class LDAPService:
             raise GroupAlreadyExistsError()
 
     def get_expiring_users(self) -> List[IUser]:
-        query = []
+        clauses = []
 
         term = Term.current()
-        query.append(f'term={term}')
-        query.append(f'nonMemberTerm={term}')
+        clauses.append(f'term={term}')
+        clauses.append(f'nonMemberTerm={term}')
 
         # Include last term too if the new term just started
         dt = ceo_common_utils.get_current_datetime()
         if dt.month == term.start_month():
             last_term = term - 1
-            query.append(f'term={last_term}')
-            query.append(f'nonMemberTerm={last_term}')
+            clauses.append(f'term={last_term}')
+            clauses.append(f'nonMemberTerm={last_term}')
 
-        query = '(!(|(shadowExpire=1)(' + ')('.join(query) + ')))'
+        query = '(!(|(shadowExpire=1)(' + ')('.join(clauses) + ')))'
+        query = '(&' + query + '(objectClass=member))'
 
         conn = self._get_ldap_conn()
         conn.search(