Optimize LDAP Active Directory search filter query for user email using a substring

In my Rails 3.2.11 app(using ruby 1.9.3-p327) I'm trying to search for
users in AD LDAP by their email.

I am using net-ldap 0.2.2 gem .

The current filter that I'm using is:-

    filter = Net::LDAP::Filter.eq( "mail", "*#{str}*")

Here "str" basically refers to a part of a user's email.

Now this filter will search for entries irrespective of whether its a
group or an actual user in the organisation. **I don't want it to search
for group email id's when doing search for a user record**.

One more thing that I observed is that since I am searching for a
substring, the query is taking longer. If I only search for the trailing
part of the string(pls refer code below) the query returns faster.

    filter = Net::LDAP::Filter.eq( "mail", "#{str}*")

Since certain user emails are in the format
lastname.firstname@company.com , I thought I would need to use a sub
string search for better results.

I queried LDAP to get separate entry records for a user and a group to
see what could be used as a differentiator in my filter search. I found
that the objectcategory attribute is different wrt a user and a group.

Here's a sample output of the objectcategory attribute for

a) group


b) user


I read about using join filters from the [net-ldap documenation][1]

Based on the above link the filter I would be using is:-

    x = Net::LDAP::Filter.eq( "mail", "*mohn*") . This gives me all
email ids that have "mohn" as a substring .

    y = Net::LDAP::Filter.eq( "objectcategory", "*Person*"). I know for
sure somewhere this filter query is incorrect, but how can I change this
to an appropriate search filter for objectcategory ?

I'm using a join on the two filters:-

    filter = Net::LDAP::Filter.join(x, y)

How can I change the filter query "y" to give me faster search results ?

Also, I'm not sure if scope option as part of the [search method][2] can
help me further optimize my query. Can you please throw some light on
the usage of this as well ?


  [1]: http://net-ldap.rubyforge.org/Net/LDAP/Filter.html
  [2]: http://net-ldap.rubyforge.org/Net/LDAP.html