LDAP Account Filter

How do I limit login users to the member of the “fess” groups?
I set
User DN as:
Account Filter as:

However, all users in ou=users,dc=test,dc=com are allowed to log in. When I check the audit.log, groups|roles of the members of “fess” group only displayed when I set Account Filter as: (&(uid=%s)(memberOf=cn=fess,ou=groups,dc=test,dc=com)). If I set Account Filter as: (uid=%s), I can see all members’ groups and roles in audit.log. If the Account Filter is empty, no groups and rules appear in the audit.log.

I thought Account Filter will filter the users allowed to log in.

How do I prohibit the users who are not a member of the certain group e.g “fess”?

Thank you in advance.

I think it’s no configuration.
As you mentioned, the account filter manages added permissions.

Some applications such as OwnCloud and Nexcloud uses Login Attributes or Login filter to control which LDAP users can login.

It would be great if FESS do the same way.