Tags: active-directory, ldap, ldap-query

Why not always use (objectClass=*) in the LDAP search filter?


I created the following filter to search for users in Active Directory:

(&(objectClass=*)(|(sAMAccountName=u)(userPrincipalName=u)))

It is possible to create a more qualified filter:

(&(objectClass=person)(|(sAMAccountName=u)(userPrincipalName=u)))

The question is why?

What are the benefits of using the specific class person?

Is it possible that the same directory contains an object whose objectClass is not person but for which the following is true: (|(sAMAccountName=u)(userPrincipalName=u))?

Why not always use (objectClass=*) in the LDAP search filter?


Solution

  • (objectClass=*) is a present filter used to filter out objects that have no populated objectClass ... which is none, since all LDAP objects have at least one structural objectClass, hence the filter component in the first filter is unnecessary and may even slow down the search, depending on the server configuration.

    The first filter in your question might cause the server to make comparisons using matching rules that are unnecessary. The second filter is a better filter from a performance perspective, assuming that an index for objectClass equality has been created on the server.
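The following is an added example written for this page; it is not code from the question, the answer, or any LDAP server. It models, in memory, the point the answer makes: a server with an equality index on objectClass can use `(objectClass=person)` to shrink the candidate set before evaluating the rest of the filter, while `(objectClass=*)` is true for every entry and narrows nothing. The directory contents, the single-index configuration and the candidate-selection rule are assumptions chosen for illustration (real servers have more elaborate query planners). The example also escapes the user-supplied `u` per RFC 4515, since the question's filters splice it straight into filter syntax.

```python
import re

# Constructed sample directory (not real data): DN -> attribute -> set of values.
# Attribute names and values are lowercased, as these AD attributes are case-insensitive.
DIRECTORY = {
    "CN=alice,OU=Users,DC=corp,DC=example": {
        "objectclass": {"top", "person", "organizationalperson", "user"},
        "samaccountname": {"alice"},
        "userprincipalname": {"alice@corp.example"},
    },
    "CN=Finance,OU=Groups,DC=corp,DC=example": {
        # A group: has sAMAccountName but its objectClass does not include person.
        "objectclass": {"top", "group"},
        "samaccountname": {"finance"},
    },
    "CN=WS01,OU=Computers,DC=corp,DC=example": {
        "objectclass": {"top", "person", "organizationalperson", "user", "computer"},
        "samaccountname": {"ws01$"},
    },
    "OU=Users,DC=corp,DC=example": {"objectclass": {"top", "organizationalunit"}},
    "CN=HQ-Printer,OU=Printers,DC=corp,DC=example": {"objectclass": {"top", "printqueue"}},
}

# Assumed server configuration: an equality index on objectClass only, no presence index.
OBJECTCLASS_INDEX = {}
for _dn, _attrs in DIRECTORY.items():
    for _oc in _attrs["objectclass"]:
        OBJECTCLASS_INDEX.setdefault(_oc, set()).add(_dn)


def escape_filter_value(value):
    """RFC 4515 escaping for a value embedded in a filter (the 'u' in the question)."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def build_filter(name, qualified):
    """Build the question's filter for user 'name'; qualified=True uses (objectClass=person)."""
    u = escape_filter_value(name)
    klass = "person" if qualified else "*"
    return "(&(objectClass=%s)(|(sAMAccountName=%s)(userPrincipalName=%s)))" % (klass, u, u)


def parse_filter(text):
    """Parse the subset of RFC 4515 used here: &, |, equality and presence."""
    node, end = _parse(text, 0)
    if end != len(text):
        raise ValueError("trailing data in filter")
    return node


def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        raise ValueError("expected '(' at %d" % i)
    i += 1
    if s[i] in "&|":
        op, i, children = s[i], i + 1, []
        while s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if s[i] != ")":
            raise ValueError("expected ')' at %d" % i)
        return (op, children), i + 1
    close = s.index(")", i)  # an escaped ')' is '\29', so this is the real close
    attr, _, value = s[i:close].partition("=")
    if value == "*":
        return ("present", attr.lower(), None), close + 1
    unescaped = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("equal", attr.lower(), unescaped.lower()), close + 1


def matches(node, attrs):
    """Evaluate a parsed filter against one entry's attributes."""
    kind = node[0]
    if kind == "&":
        return all(matches(c, attrs) for c in node[1])
    if kind == "|":
        return any(matches(c, attrs) for c in node[1])
    _, attr, value = node
    values = attrs.get(attr, set())
    return bool(values) if kind == "present" else value in values


def search(filter_text):
    """Return (matching DNs, number of entries the server had to examine)."""
    node = parse_filter(filter_text)
    candidates = set(DIRECTORY)  # default plan: full scan
    if node[0] == "&":
        for child in node[1]:
            # Only an indexed equality component narrows the candidates; a presence
            # component on objectClass is true for every entry and never does.
            if child[0] == "equal" and child[1] == "objectclass":
                candidates = OBJECTCLASS_INDEX.get(child[2], set())
                break
    hits, examined = [], 0
    for dn in sorted(candidates):
        examined += 1
        if matches(node, DIRECTORY[dn]):
            hits.append(dn)
    return hits, examined


if __name__ == "__main__":
    for name in ("alice", "finance"):
        for qualified in (False, True):
            f = build_filter(name, qualified)
            print(f, "->", search(f))
```

Running it shows the two effects the answer describes: for `alice` both filters return the same entry, but the `(objectClass=*)` form examines every entry while the `(objectClass=person)` form examines only the index hits; for `finance`, the unqualified filter returns a group object that the qualified filter excludes. The `escape_filter_value` step keeps a value such as `*)(objectClass=*` a literal string rather than letting it rewrite the filter.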