diff --git a/app/models/authenticator/base.rb b/app/models/authenticator/base.rb
index dd7d090bcc4..5d366270168 100644
--- a/app/models/authenticator/base.rb
+++ b/app/models/authenticator/base.rb
@@ -244,7 +244,7 @@ def failure_reason(_username, _request)
 
     def case_insensitive_find_by_userid(username)
       user =  User.lookup_by_userid(username)
-      user || User.in_my_region.where('lower(userid) = ?', username.downcase).order(:lastlogon).last
+      user || User.in_my_region.where(:lower_userid => username.downcase).order(:lastlogon).last
     end
 
     def userid_for(_identity, username)
diff --git a/app/models/user.rb b/app/models/user.rb
index de7e335c64e..5ee6d06e0af 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -109,12 +109,26 @@ def self.lookup_by_email(email)
   # often we have the most probably user object onhand. so use that if possible
   def self.lookup_by_lower_email(email, cache = [])
     email = email.downcase
-    Array.wrap(cache).detect { |u| u.email.try(:downcase) == email } || find_by(['lower(email) = ?', email])
+    Array.wrap(cache).detect { |u| u.lower_email == email } || find_by(:lower_email => email)
   end
 
   singleton_class.send(:alias_method, :find_by_lower_email, :lookup_by_lower_email)
   Vmdb::Deprecation.deprecate_methods(singleton_class, :find_by_lower_email => :lookup_by_lower_email)
 
+  def lower_email
+    email&.downcase
+  end
+
+  virtual_attribute :lower_email, :string, :arel => ->(t) { t.grouping(t[:email].lower) }
+  hide_attribute :lower_email
+
+  def lower_userid
+    userid&.downcase
+  end
+
+  virtual_attribute :lower_userid, :string, :arel => ->(t) { t.grouping(t[:userid].lower) }
+  hide_attribute :lower_userid
+
   virtual_column :ldap_group, :type => :string, :uses => :current_group
   # FIXME: amazon_group too?
   virtual_column :miq_group_description, :type => :string, :uses => :current_group
@@ -333,7 +347,7 @@ def regional_users
   end
 
   def self.regional_users(user)
-    where(arel_table.grouping(Arel::Nodes::NamedFunction.new("LOWER", [arel_attribute(:userid)]).eq(user.userid.downcase)))
+    where(:lower_userid => user.userid.downcase)
   end
 
   def self.super_admin
diff --git a/lib/token_store/sql_store.rb b/lib/token_store/sql_store.rb
index 511f4a9e4fe..112c256ee52 100644
--- a/lib/token_store/sql_store.rb
+++ b/lib/token_store/sql_store.rb
@@ -47,7 +47,7 @@ def session_key(token)
     end
 
     def find_user_by_userid(userid)
-      User.in_my_region.where('lower(userid) = ?', userid.downcase).first
+      User.in_my_region.where(:lower_userid => userid.downcase).first
     end
 
     def find_user_by_id(id)
diff --git a/tools/miq_config_sssd_ldap/configure_database.rb b/tools/miq_config_sssd_ldap/configure_database.rb
index 8dc63c08903..8dd0880df57 100644
--- a/tools/miq_config_sssd_ldap/configure_database.rb
+++ b/tools/miq_config_sssd_ldap/configure_database.rb
@@ -74,7 +74,7 @@ def dn_to_upn(userid)
 
     def find_user(userid)
       user = User.lookup_by_userid(userid)
-      user || User.in_my_region.where('lower(userid) = ?', userid).order(:lastlogon).last
+      user || User.in_my_region.where(:lower_userid => userid).order(:lastlogon).last
     end
   end
 end