LDAP: Issues with admin filter

I'm currently playing around with an LDAP setup for my Gitea instance.
Or more like I'm setting up LDAP to synchronize the authentication between several services I'm hosting so users don't have to remember 5 different usernames/passwords.

I could easily get authentication working with both LDAP methods, but I can't get the admin filter working correctly.

I have two groups on my LDAP server:


My main user filter is the following:


This works fine and only users who are members of the gitea group can authenticate.

Tried the same for my admin filter:


But this fails; I can see why in my LDAP server logs. The admin filter won't substitute the %s with the correct username, so this search turns up empty. I also tried only filtering by memberOf:


But this results in every user getting admin privileges…
It seems like it's just searching for this filter on the LDAP server and doesn't care which user this applies to.

Any idea how to fix this, or is it a bug that the substitution isn't working?
I can live without setting admin privileges using an LDAP group, as I could always set this using the Gitea UI if I ever need it; still wondering what the issue is…