I've noticed that a lot of people, even sharp technicians, tend to avoid LDAP queries like the plague. I think the reason is a lack of basic understanding.
Simple things like understanding the operators (such as & being AND, | being OR, ! being NOT, etc.) can help immensely.
My final product for the filter is:
A great quick site to glance at for a general overview is here.