diff --git a/aaa/src/main/java/name/nkonev/aaa/security/LdapAuthenticationProvider.java b/aaa/src/main/java/name/nkonev/aaa/security/LdapAuthenticationProvider.java
index 10b466a3..bb165908 100644
--- a/aaa/src/main/java/name/nkonev/aaa/security/LdapAuthenticationProvider.java
+++ b/aaa/src/main/java/name/nkonev/aaa/security/LdapAuthenticationProvider.java
@@ -87,11 +87,6 @@ public Authentication authenticate(Authentication authentication) throws Authent
 .orElseGet(() -> {
 // create a new
- // check conflict by username
- userAccountRepository.findByUsername(userName).ifPresent(ua -> {
- throw new UserAlreadyPresentException("User with login '" + userName + "' is already present");
- });
-
 String email = null;
 if (StringUtils.hasLength(aaaProperties.ldap().attributeNames().email())) {
 email = ldapEntry.email();
@@ -103,11 +98,12 @@ public Authentication authenticate(Authentication authentication) throws Authent
 }
 var mappedRoles = RoleMapper.map(aaaProperties.roleMappings().ldap(), rawRoles);
+ // check conflict by username
+ userService.checkLoginIsFreeOrThrow(userName);
+
 // check conflict by email
 if (StringUtils.hasLength(email)) {
- if (!userService.checkEmailIsFree(email)){
- throw new UserAlreadyPresentException("User with email '" + email + "' is already present");
- }
+ userService.checkEmailIsFreeOrThrow(email);
 }
 var user = userAccountRepository.save(UserAccountConverter.buildUserAccountEntityForLdapInsert(
diff --git a/aaa/src/main/java/name/nkonev/aaa/services/CheckService.java b/aaa/src/main/java/name/nkonev/aaa/services/CheckService.java
index 352fb5b7..a26ba737 100644
--- a/aaa/src/main/java/name/nkonev/aaa/services/CheckService.java
+++ b/aaa/src/main/java/name/nkonev/aaa/services/CheckService.java
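Review bot: In `LdapAuthenticationProvider.authenticate`, the two `...OrThrow` lookups and the `userAccountRepository.save(...)` that follows them are a check-then-insert sequence, and nothing visible in this hunk makes it atomic, whereas `RegistrationService.register` runs its checks inside `transactionTemplate.execute`. Two concurrent first logins, or a first login overlapping a registration with the same login or email, could both pass the lookups unless the table carries unique constraints on those columns, which this diff does not show. If the constraints exist, a comment such as `// pre-checks only give a readable error; uniqueness is enforced by the DB constraints` would record that; if they do not, they are the fix rather than a second lookup. The enclosing `orElseGet` lambda begins in the previous hunk and continues past this one.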
@@ -14,8 +14,12 @@ public class CheckService {
 @Autowired private UserAccountRepository userAccountRepository;
- public void checkLoginIsFree(String newLogin) {
- if(userAccountRepository.findByUsername(newLogin).isPresent()){
+ public boolean checkLoginIsFree(String newLogin) {
+ return userAccountRepository.findByUsername(newLogin).isEmpty();
+ }
+
+ public void checkLoginIsFreeOrThrow(String newLogin) {
+ if (!checkLoginIsFree(newLogin)){
 throw new UserAlreadyPresentException("User with login '" + newLogin + "' is already present");
 }
 }
@@ -29,4 +33,9 @@ public boolean checkEmailIsFree(String email) {
 }
 }
+ public void checkEmailIsFreeOrThrow(String email) {
+ if (checkEmailIsFree(email)) {
+ throw new UserAlreadyPresentException("User with email '" + email + "' is already present");
+ }
+ }
 }
diff --git a/aaa/src/main/java/name/nkonev/aaa/services/RegistrationService.java b/aaa/src/main/java/name/nkonev/aaa/services/RegistrationService.java
index 3be2b67c..c630cbde 100644
--- a/aaa/src/main/java/name/nkonev/aaa/services/RegistrationService.java
+++ b/aaa/src/main/java/name/nkonev/aaa/services/RegistrationService.java
@@ -76,7 +76,7 @@ public void register(EditUserDTO editUserDTO, Language language, String referer,
 validateLengthEmail(userAccountDTO.email());
 var userAccountOuter = transactionTemplate.execute(status -> {
- userService.checkLoginIsFree(userAccountDTO.login());
+ userService.checkLoginIsFreeOrThrow(userAccountDTO.login());
 if (!userService.checkEmailIsFree(userAccountDTO.email())){
 return null; // we care for user email leak
diff --git a/aaa/src/main/java/name/nkonev/aaa/services/UserProfileService.java b/aaa/src/main/java/name/nkonev/aaa/services/UserProfileService.java
index 80f9cd8e..75288367 100644
--- a/aaa/src/main/java/name/nkonev/aaa/services/UserProfileService.java
+++ b/aaa/src/main/java/name/nkonev/aaa/services/UserProfileService.java
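Review bot: In `CheckService`, `checkLoginIsFree` keeps its name but changes contract from throwing `UserAlreadyPresentException` to returning a boolean, so any caller this commit did not migrate still compiles as a bare statement and silently stops enforcing login uniqueness. The diff updates `RegistrationService.register` and `UserProfileService.editNonEmpty`; callers outside the diff are not visible here and are worth a search before merging. Javadoc on both methods would pin the new contract, for example `/** @return true when no account uses this login; never throws on conflict */` on `checkLoginIsFree` and `/** @throws UserAlreadyPresentException when the login is already taken */` on `checkLoginIsFreeOrThrow`.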
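Review bot: The condition in the new `CheckService.checkEmailIsFreeOrThrow` looks inverted: it throws when `checkEmailIsFree(email)` is true, while `checkLoginIsFreeOrThrow` in the same file throws on `!checkLoginIsFree(newLogin)` and the LDAP code this helper replaces threw on `!userService.checkEmailIsFree(email)`. The body of `checkEmailIsFree` is outside the hunk, but `RegistrationService.register` also treats `!checkEmailIsFree(...)` as "taken", so it presumably returns true for an unused address. If so, first-time provisioning in `LdapAuthenticationProvider` now rejects users whose email is unused and accepts an entry whose email already belongs to another account. The guard should read `if (!checkEmailIsFree(email)) {`. A test that provisions one LDAP user with a fresh email and one with an already registered email would have caught this.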
@@ -236,7 +236,7 @@ public UserSelfProfileDTO editNonEmpty(
 // check login already present
 if (userAccountDTO.login() != null && !exists.username().equals(userAccountDTO.login())) {
- checkService.checkLoginIsFree(userAccountDTO.login());
+ checkService.checkLoginIsFreeOrThrow(userAccountDTO.login());
 }
 var resp = userAccountConverter.updateUserAccountEntityNotEmpty(userAccountDTO, exists, passwordEncoder);
diff --git a/aaa/src/main/resources/config/application.yml b/aaa/src/main/resources/config/application.yml
index 38a7df0c..8dec2958 100644
--- a/aaa/src/main/resources/config/application.yml
+++ b/aaa/src/main/resources/config/application.yml
@@ -159,7 +159,7 @@ custom.ldap:
 filter: "uid={0}"
 attribute-names:
 id: uidNumber # name of attribute, which is considered as ldap_id. any id-like attribute, which won't be changed on user rename, it can be number or string
- role: memberOf
+ role: ""
 email: ""
 locked: ""
 username: uid
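Review bot: In `application.yml`, the shipped default for `custom.ldap.attribute-names.role` changes from `memberOf` to an empty string with no comment, unlike the `id` key just above it. Deployments that relied on the old default will presumably stop reading group membership from LDAP after an upgrade, which changes the `rawRoles` passed to `RoleMapper.map(...)` in `LdapAuthenticationProvider`; how an empty role attribute is handled is not visible in this diff. If empty does mean "skip", an inline comment such as `role: "" # empty = do not read roles from LDAP; set to e.g. memberOf to feed role-mappings` plus an upgrade note would make the authorization impact explicit.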