diff --git a/ldapApi/main.go b/ldapApi/main.go index b21fd6c..1988767 100644 --- a/ldapApi/main.go +++ b/ldapApi/main.go @@ -44,7 +44,7 @@ func UserIsInAdminGroup(app *pocketbase.PocketBase, c echo.Context) error { } // return error if user is not in admin group - return apis.NewUnauthorizedError("Unauthorized: user must be in admin group for ldap search", nil) + return apis.NewUnauthorizedError("Unauthorized", nil) } // initLdapLogin @@ -138,7 +138,6 @@ func initLdapSearch(app *pocketbase.PocketBase, e *core.ServeEvent) { } // Connect to the LDAP server - conn, err := ldap.DialURL(os.Getenv("LDAP_URL")) if err != nil { return apis.NewBadRequestError("unable to connect to ldap server", err) diff --git a/ldapSync/db.go b/ldapSync/db.go index 488fe8c..b90af32 100644 --- a/ldapSync/db.go +++ b/ldapSync/db.go @@ -122,6 +122,7 @@ func upsertLDAPUser(app *pocketbase.PocketBase, ldapUser *LDAPUser) error { record.Set("dn", ldapUser.dn) record.Set("cn", ldapUser.cn) record.Set("memberOf", memberOfGroupIds) + record.Set("REALM", ldapUser.REALM) if err := app.Dao().SaveRecord(record); err != nil { return fmt.Errorf("failed to upsert user with dn: %s - %w", ldapUser.dn, err) diff --git a/ldapSync/ldapSync.go b/ldapSync/ldapSync.go index 78dba3c..c10a023 100644 --- a/ldapSync/ldapSync.go +++ b/ldapSync/ldapSync.go @@ -169,6 +169,7 @@ func syncLdapUsers(app *pocketbase.PocketBase, ldapClient *ldap.Conn) SyncResult cn: entry.GetAttributeValue("cn"), msSFU30NisDomain: entry.GetAttributeValue("msSFU30NisDomain"), memberOf: entry.GetAttributeValues("memberOf"), + REALM: "LDAP", }) if err != nil { errors = append(errors, err) diff --git a/ldapSync/models.go b/ldapSync/models.go index 4623fa6..0727019 100644 --- a/ldapSync/models.go +++ b/ldapSync/models.go @@ -10,6 +10,7 @@ type LDAPUser struct { cn string msSFU30NisDomain string // must be STUVE memberOf []string + REALM string } type LDAPGroup struct { 
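Review bot: The shortened message still goes through `apis.NewUnauthorizedError`, which answers 401 for a caller that, per the comment on the line above, has been identified but is simply not in the admin group; that is a 403 case, so `return apis.NewForbiddenError("Forbidden", nil)` matches the semantics and stops clients from treating it as a missing or expired credential. Dropping the reason from the client-facing text is reasonable, but it also removes the only trace of why the request was refused, so if the denied group check should be auditable it needs to be logged at the call site. The body of UserIsInAdminGroup starts before the hunk, so whether the request is already authenticated at this point is inferred from the comment and the function name.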
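Review bot: `record.Set("REALM", ldapUser.REALM)` writes a plain string (ldapSync.go assigns the literal `"LDAP"`), but the field added for it in tables.go (@@ -173) is declared as `schema.FieldTypeDate` with `Required: true`; if `SaveRecord` validates the record against the collection schema, every upsert would be rejected and the sync would never store a user. The declaration should be `Type: schema.FieldTypeText` (or a select field with the known realm values) so the string written here is valid. upsertLDAPUser's body starts before the hunk.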
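Review bot: The new `REALM` field is the only exported-style name in a struct whose siblings (`cn`, `msSFU30NisDomain`, `memberOf`) are unexported, and unlike `msSFU30NisDomain` it carries no comment saying which values it holds. Keeping it package-private and documented, `realm string // identity source of the record; "LDAP" for users synced from the directory`, matches the rest of the struct; the accesses in db.go and ldapSync.go would need the same rename. The literal `"LDAP"` assigned in ldapSync.go is also a good candidate for a named constant next to this type, so the value cannot drift between the sync and any later realm check.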
diff --git a/ldapSync/tables.go b/ldapSync/tables.go index 9207660..0a3e482 100644 --- a/ldapSync/tables.go +++ b/ldapSync/tables.go @@ -12,7 +12,7 @@ import ( "github.com/pocketbase/pocketbase/tools/types" ) -const ldapUsersTableName string = "ldap_users" +const ldapUsersTableName string = "users" const ldapGroupsTableName string = "ldap_groups" const ldapSyncLogsTableName string = "ldap_sync_logs" @@ -124,17 +124,17 @@ func createLDAPUsersTable(app *pocketbase.PocketBase) error { form := forms.NewCollectionUpsert(app, collection) form.Name = ldapUsersTableName // collection name form.Type = models.CollectionTypeAuth // collection type set to auth, otherwise login will not work - form.ListRule = nil // list rule (only user self can list their own data - form.ViewRule = nil // view rule (only user self can view their own data) - form.CreateRule = nil // create rule (anyone can create) - form.UpdateRule = nil // update rule (anyone can update) - form.DeleteRule = nil // delete rule (anyone can delete) + form.ListRule = nil // list rule (only admins can list) + form.ViewRule = nil // view rule (only admins can view) + form.CreateRule = nil // create rule (only admins can create) + form.UpdateRule = nil // update rule (only admins can update) + form.DeleteRule = nil // delete rule (only admins can delete) // add common name field, the collection will also have a field named "username" which is the username field. this field is added automatically by the forms.NewCollectionUpsert() function form.Schema.AddField(&schema.SchemaField{ Name: "cn", Type: schema.FieldTypeText, - Required: true, + Required: false, Presentable: true, }) 
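Review bot: Renaming `ldapUsersTableName` from `"ldap_users"` to `"users"` changes which collection `createLDAPUsersTable` upserts, but nothing in the commit migrates records that an existing deployment already holds under `ldap_users`, so those users and their group memberships would be left behind in an orphaned collection. `"users"` is also the name PocketBase gives its default auth collection on first start; if that collection already exists, the upsert form presumably loads and reshapes it rather than creating a fresh one — worth confirming, and worth a comment on the constant stating that the project deliberately takes over the default users collection.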
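Review bot: Making `cn` optional (`Required: false`) conflicts with the collection's own index list, which still declares `CREATE UNIQUE INDEX ... (cn)` in the @@ -186 hunk; SQLite treats the empty string a text field stores for a missing value as a real value, so the second record without a cn would fail the unique constraint instead of being accepted. The same applies to `objectGUID` in the @@ -142 hunk, which keeps its unique index while becoming optional. Either keep the fields that serve as index keys required, or, if the index parser accepts it, make the index partial (`... (cn) WHERE cn != ''`) so that only populated values must be unique. The rewritten rule comments are accurate for `nil` rules (admin-only); they would silently become wrong if someone later switches a rule to `""`, which PocketBase treats as public, so a short note on that distinction next to the rules would help.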
@@ -142,28 +142,28 @@ func createLDAPUsersTable(app *pocketbase.PocketBase) error { form.Schema.AddField(&schema.SchemaField{ Name: "objectGUID", Type: schema.FieldTypeText, - Required: true, + Required: false, }) // add distinguished name field form.Schema.AddField(&schema.SchemaField{ Name: "dn", Type: schema.FieldTypeText, - Required: true, + Required: false, }) // add surname field form.Schema.AddField(&schema.SchemaField{ Name: "sn", Type: schema.FieldTypeText, - Required: true, + Required: false, }) // add given name field form.Schema.AddField(&schema.SchemaField{ Name: "givenName", Type: schema.FieldTypeText, - Required: true, + Required: false, }) // add account expires field @@ -173,6 +173,13 @@ func createLDAPUsersTable(app *pocketbase.PocketBase) error { Required: false, }) + // add account expires field + form.Schema.AddField(&schema.SchemaField{ + Name: "REALM", + Type: schema.FieldTypeDate, + Required: true, + }) + // add groups field form.Schema.AddField(&schema.SchemaField{ Name: "memberOf", @@ -186,8 +193,9 @@ func createLDAPUsersTable(app *pocketbase.PocketBase) error { // create index on username form.Indexes = types.JsonArray[string]{ - "CREATE UNIQUE INDEX idx_ldapUsers_cn ON " + ldapGroupsTableName + " (cn)", - "CREATE UNIQUE INDEX idx_ldapUsers_objectGUID ON " + ldapSyncLogsTableName + " (objectGUID)", + "CREATE UNIQUE INDEX idx_users_username ON " + ldapGroupsTableName + " (username, REALM)", // username must be unique for each realm + "CREATE UNIQUE INDEX idx_users_cn ON " + ldapGroupsTableName + " (cn)", + "CREATE UNIQUE INDEX idx_users_objectGUID ON " + ldapSyncLogsTableName + " (objectGUID)", } return form.Submit()
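Review bot: The header comment above the new `REALM` field, `// add account expires field`, is copied from the field declared just before it and describes the wrong field; it should read `// add realm field (identity source of the record)`. A one-line justification for `Required: true` would also help here, since records created before the field existed will presumably fail validation the next time they are saved.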
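Review bot: All three index statements name the wrong table: `ldapGroupsTableName` and `ldapSyncLogsTableName` are concatenated into DDL meant to index the users collection, so unless the upsert form rewrites the table name, the indexes are created on (or rejected for) the groups and sync-log collections and `idx_users_username`/`idx_users_objectGUID` never protect the users table. The new side carries the mistake forward from the removed lines and adds a third occurrence; each should use the users constant, e.g. `"CREATE UNIQUE INDEX idx_users_username ON " + ldapUsersTableName + " (username, REALM)",` and likewise for the cn and objectGUID lines. PocketBase auth collections also carry their own unique index on `username` as far as I recall, in which case the composite `(username, REALM)` index cannot by itself allow the same username in two realms — confirm that this is the intended behaviour. The comment `// create index on username` above the list is now incomplete for three indexes.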