LDAP compound search filter doesn't return expected results

Steps to reproduce

1. Prepare two instance A and B
2. Start instance A
3. Deploy vldap-web into instance A
4. create new user named userone in instance A
5. Instance B: set the following in portal-ext.properties

    ldap.base.provider.url.0=ldap://localhost:11389
    ldap.base.dn.0=ou=liferay.com,o=Liferay
    ldap.security.principal.0=test@liferay.com
    ldap.security.credentials.0=test
    ldap.auth.search.filter.0=(cn=@screen_name@)
    ldap.contact.mappings.0=
    ldap.contact.custom.mappings.0=
    ldap.user.default.object.classes.0=top,person,inetOrgPerson,organizationalPerson
    ldap.user.mappings.0=emailAddress=mail\nfirstName=givenName\ngroup=groupMembership\njobTitle=title\nlastName=sn\npassword=userPassword\nscreenName=cn\nuuid=uuid\n
    ldap.user.custom.mappings.0=
    ldap.group.default.object.classes.0=top,groupOfUniqueNames
    ldap.group.mappings.0=groupName=cn\ndescription=description\nuser=uniqueMember
    ldap.import.user.search.filter.0=(&(objectClass=inetOrgPerson)(!(cn=userone)))
    ldap.import.group.search.filter.0=(objectClass=groupOfUniqueNames)
    ldap.users.dn.0=ou=users,dc=example,dc=com
    ldap.groups.dn.0=ou=groups,dc=example,dc=com
    ldap.import.user.sync.strategy=uuid
    ldap.import.interval=1
    company.security.auth.type=screenName
   

6. Start instance B.
7. Go to Portal Setting -> Authentication -> LDAP
8. Click "Add" button under LDAP Servers
9. Test connection and user filter

Expected behavior: Only User Test displays in the list.
Actual behavior: Both User Test and User UserOne displayed in the list.