LDAP filter authorization

[PeLbmaN]

Hey, i have problem with filter of ldap authorization(MS AD). Can you check it and tell me what did i do wrong? Thank you.

location = /auth-proxy {
            internal;
            proxy_cache auth_cache;
            proxy_cache_valid 200 10m;
            proxy_cache_key "$http_authorization$cookie_nginxauth";
            proxy_pass_request_body off;
            proxy_set_header Content-Length "";
            proxy_pass http://localhost:8888;
            proxy_set_header X-Ldap-URL "ldap://ip_server";
            proxy_set_header X-Ldap-BaseDN "ou=Accounts,dc=test,dc=com";
            proxy_set_header X-Ldap-BindDN "username";
            proxy_set_header X-Ldap-BindPass "pass";
            #proxy_set_header X-Ldap-Template "(sAMAccountName=%(username)s)"; -> can login
            proxy_set_header X-Ldap-Template "(&(cn=%(username)s)(memberOf=cn=ELK_admin,ou=ELK,ou=Resources,ou=Groups,dc=test,dc=com))"; -> can`t login
        }