diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php index 7b22f3af4..3b7631732 100644 --- a/app/Http/Controllers/Api/UsersController.php +++ b/app/Http/Controllers/Api/UsersController.php @@ -75,7 +75,6 @@ class UsersController extends Controller ])->with('manager', 'groups', 'userloc', 'company', 'department', 'assets', 'licenses', 'accessories', 'consumables', 'createdBy',) ->withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count'); - $users = Company::scopeCompanyables($users); if ($request->filled('activated')) { @@ -271,6 +270,8 @@ class UsersController extends Controller } elseif (($request->filled('all')) && ($request->input('all') == 'true')) { $users = $users->withTrashed(); } + + $users = Company::scopeCompanyables($users); $total = $users->count(); $users = $users->skip($offset)->take($limit)->get(); diff --git a/app/Http/Controllers/AssetModelsController.php b/app/Http/Controllers/AssetModelsController.php index dbefb2e7b..7b1f3c49b 100755 --- a/app/Http/Controllers/AssetModelsController.php +++ b/app/Http/Controllers/AssetModelsController.php @@ -286,6 +286,7 @@ class AssetModelsController extends Controller return view('models/edit') ->with('depreciation_list', Helper::depreciationList()) ->with('item', $model) + ->with('model_id', $model_to_clone->id) ->with('clone_model', $model_to_clone); } diff --git a/resources/views/models/edit.blade.php b/resources/views/models/edit.blade.php index 74d3c1b83..4bb5cac6c 100755 --- a/resources/views/models/edit.blade.php +++ b/resources/views/models/edit.blade.php 
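Review bot: Moving `Company::scopeCompanyables($users)` to just before `$users->count()` in the second UsersController hunk makes tenant isolation depend on statement order, and nothing in the code says so. A comment above the added line, such as `// Company scoping must remain the last constraint: filters applied after it could widen results across companies`, would keep a later edit from reintroducing the leak. The filters between the old and new position lie outside both hunks, so it is worth confirming that none of them adds an ungrouped top-level `orWhere`. Because AND binds tighter than OR in SQL, such a clause would presumably still escape a company constraint appended at the end, unless `scopeCompanyables` wraps the existing conditions.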
@@ -34,7 +34,8 @@ -@livewire('custom-field-set-default-values-for-model',["model_id" => $item->id]) + +@livewire('custom-field-set-default-values-for-model',["model_id" => ($item->id) ? $item->id : $model_id]) @include ('partials.forms.edit.notes') @include ('partials.forms.edit.requestable', ['requestable_text' => trans('admin/models/general.requestable')]) diff --git a/resources/views/settings/ldap.blade.php b/resources/views/settings/ldap.blade.php index b3070e13e..016d54f48 100644 --- a/resources/views/settings/ldap.blade.php +++ b/resources/views/settings/ldap.blade.php @@ -18,6 +18,15 @@ .checkbox label { padding-right: 40px; } + + /* + Don't make the password field *look* readonly - this is for usability, so admins don't think they can't edit this field. + */ + .form-control[readonly] { + background-color: white; + color: #555555; + cursor:text; + } @if ((!function_exists('ldap_connect')) || (!function_exists('ldap_set_option')) || (!function_exists('ldap_bind'))) @@ -34,10 +43,12 @@ @endif - {{ Form::open(['method' => 'POST', 'files' => false, 'autocomplete' => 'false', 'class' => 'form-horizontal', 'role' => 'form']) }} + {{ Form::open(['method' => 'POST', 'files' => false, 'autocomplete' => 'off', 'class' => 'form-horizontal', 'role' => 'form']) }} {{csrf_field()}} + + @@ -54,7 +65,6 @@
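Review bot: The fallback `$model_id` in `($item->id) ? $item->id : $model_id` is only guaranteed to exist when the view is rendered by the clone action, the one place in this diff that passes `->with('model_id', $model_to_clone->id)`. If any other action renders `models/edit` with an unsaved `$item` (a create form, for instance, which is not visible here), the expression would reference an undefined variable. A defensive form is `"model_id" => $item->id ?: ($model_id ?? null)`.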
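Review bot: The added rule `.form-control[readonly]` restyles every read-only control on the LDAP settings page, although its comment says it is meant for the password field only. Fields locked through `$setting->demoMode` would then look editable too, if that attribute renders as `readonly` (not shown in this hunk), and the visual cue that they are locked is lost. Narrowing the selector, for example `input[name="ldap_pword"][readonly]`, keeps the change limited to the field the comment describes.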
-
@@ -230,7 +240,7 @@ {{ Form::label('ldap_uname', trans('admin/settings/general.ldap_uname')) }}
- {{ Form::text('ldap_uname', Request::old('ldap_uname', $setting->ldap_uname), ['class' => 'form-control','placeholder' => trans('general.example') .'binduser@example.com', $setting->demoMode]) }} + {{ Form::text('ldap_uname', Request::old('ldap_uname', $setting->ldap_uname), ['class' => 'form-control','autocomplete' => 'off', 'placeholder' => trans('general.example') .'binduser@example.com', $setting->demoMode]) }} {!! $errors->first('ldap_uname', '') !!} @if (config('app.lock_passwords')===true)

{{ trans('general.feature_disabled') }}

@@ -244,7 +254,7 @@ {{ Form::label('ldap_pword', trans('admin/settings/general.ldap_pword')) }}
- {{ Form::password('ldap_pword', ['class' => 'form-control','placeholder' => trans('general.example') .' binduserpassword', $setting->demoMode]) }} + {{ Form::password('ldap_pword', ['class' => 'form-control', 'autocomplete' => 'off', 'onfocus' => "this.removeAttribute('readonly');", $setting->demoMode, ' readonly']) }} {!! $errors->first('ldap_pword', '') !!} @if (config('app.lock_passwords')===true)

{{ trans('general.feature_disabled') }}

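Review bot: The `onfocus` handler `this.removeAttribute('readonly');` on `ldap_pword` runs unconditionally, so it would also strip a `readonly` contributed by `$setting->demoMode` when passwords are locked. Whether demo mode emits `readonly` or `disabled` is not visible here, but the lock has to be enforced server-side either way, and the handler is best omitted when `config('app.lock_passwords')` is true. Browsers commonly ignore `autocomplete="off"` on password inputs; `'autocomplete' => 'new-password'` is the value intended to suppress autofill of saved credentials. The inline handler also will not run under a Content-Security-Policy that lacks `'unsafe-inline'`, which would leave the field permanently read-only while the new CSS makes it look editable. The placeholder was dropped from this field as well, which the change does not mention.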
@@ -538,7 +548,7 @@
- +
{{ trans('admin/settings/general.ldap_test') }} diff --git a/tests/Feature/Api/Users/UsersSearchTest.php b/tests/Feature/Api/Users/UsersSearchTest.php index f14d704b0..723a115db 100644 --- a/tests/Feature/Api/Users/UsersSearchTest.php +++ b/tests/Feature/Api/Users/UsersSearchTest.php @@ -2,6 +2,7 @@ namespace Tests\Feature\Api\Users; +use App\Models\Company; use App\Models\User; use Laravel\Passport\Passport; use Tests\Support\InteractsWithSettings; 
@@ -83,4 +84,67 @@ class UsersSearchTest extends TestCase
 'Expected deleted user does not appear in results'
 );
 }
+
+ public function testUsersScopedToCompanyWhenMultipleFullCompanySupportEnabled()
+ {
+ $this->settings->enableMultipleFullCompanySupport();
+
+ $companyA = Company::factory()
+ ->has(User::factory(['first_name' => 'Company A', 'last_name' => 'User']))
+ ->create();
+
+ Company::factory()
+ ->has(User::factory(['first_name' => 'Company B', 'last_name' => 'User']))
+ ->create();
+
+ $response = $this->actingAsForApi(User::factory()->for($companyA)->viewUsers()->create())
+ ->getJson(route('api.users.index'))
+ ->assertOk();
+
+ $results = collect($response->json('rows'));
+
+ $this->assertTrue(
+ $results->pluck('name')->contains(fn($text) => str_contains($text, 'Company A')),
+ 'User index does not contain expected user'
+ );
+ $this->assertFalse(
+ $results->pluck('name')->contains(fn($text) => str_contains($text, 'Company B')),
+ 'User index contains unexpected user from another company'
+ );
+ }
+
+ public function testUsersScopedToCompanyDuringSearchWhenMultipleFullCompanySupportEnabled()
+ {
+ $this->settings->enableMultipleFullCompanySupport();
+
+ $companyA = Company::factory()
+ ->has(User::factory(['first_name' => 'Company A', 'last_name' => 'User']))
+ ->create();
+
+ Company::factory()
+ ->has(User::factory(['first_name' => 'Company B', 'last_name' => 'User']))
+ ->create();
+
+ $response = $this->actingAsForApi(User::factory()->for($companyA)->viewUsers()->create())
+ ->getJson(route('api.users.index', [
+ 'deleted' => 'false',
+ 'company_id' => null,
+ 'search' => 'user',
+ 'order' => 'asc',
+ 'offset' => '0',
+ 'limit' => '20',
+ ]))
+ ->assertOk();
+
+ $results = collect($response->json('rows'));
+
+ $this->assertTrue(
+ $results->pluck('name')->contains(fn($text) => str_contains($text, 'Company A')),
+ 'User index does not contain expected user'
+ );
+ $this->assertFalse(
+ $results->pluck('name')->contains(fn($text) => str_contains($text, 'Company B')),
+ 'User index contains unexpected user from another company'
+ );
+ }
 }
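Review bot: Both new tests exercise only the unfiltered listing and the `search` path, while the controller change moves the company scope past every filter branch, including the `all` branch that calls `withTrashed()`. A third case that soft-deletes the Company B user and requests `'all' => 'true'` would pin the cross-company isolation for trashed records as well. In the second test, `'company_id' => null` is likely dropped when the query string is built, so it does not exercise the company filter; either remove it or pass a real id. Both methods could declare `: void`, and the duplicated two-company setup could move into a private helper.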