diff --git a/applications/ldap_client.nix b/applications/ldap_client.nix
index 1bf92f2..c82b6ba 100644
--- a/applications/ldap_client.nix
+++ b/applications/ldap_client.nix
@@ -20,6 +20,8 @@ # these are needed for teh program in question imports = []; + # give users access to this server + #services.skynet_ldap_client.groups = ["skynet-users"]; options.services.skynet_ldap_client = { # options that need to be passed in to make this work
diff --git a/machines/_base.nix b/machines/_base.nix
index 6b99925..4cdd541 100644
--- a/machines/_base.nix
+++ b/machines/_base.nix
@@ -3,6 +3,9 @@ { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") + + # every server needs teh ldap client for admins + ../applications/ldap_client.nix ]; # flakes are essensial
@@ -36,6 +39,12 @@ { groups = [ "skynet-admins" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; } ]; + services.skynet_ldap_client = { + enable = true; + # skynet-admin will always be added, individual servers can override + groups = []; + }; + networking = { # every sever needs to be accessable over ssh for admin use at least firewall.allowedTCPPorts = [22];
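Review bot: In machines/_base.nix (first hunk), the added import `../applications/ldap_client.nix` makes every machine take its admin accounts from the directory, and the sudo rule visible as context in the next hunk grants `skynet-admins` the command `ALL` with `NOPASSWD`, so membership of that LDAP group becomes passwordless root across the fleet. The comment should record that trust decision, for example `# every server trusts LDAP for admin logins: skynet-admins membership == passwordless root`. The module's connection settings are not part of this diff, so it is worth confirming that the client requires TLS with certificate verification and that a local account still works when the directory is unreachable. The attribute set that holds `imports` continues outside the hunk.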
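Review bot: In machines/_base.nix (second hunk), the comment on `groups = [];` promises that individual servers can override, but if the option is a list type the module system concatenates definitions of equal priority instead of replacing them, so a server can only add groups unless it uses `lib.mkForce`. The option declaration is not visible in this diff, so this should be checked against its type. The comment also names `skynet-admin` while the sudo rule directly above uses `skynet-admins`; group names decide who can log in, so the spelling should match. Suggested wording: `# skynet-admins is always added by the module; servers list extra login groups here (merged, not replaced)`.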