diff --git a/src/Controller/RealnameAutocompleteController.php b/src/Controller/RealnameAutocompleteController.php
index fd536d5..fc9c6f8 100644
--- a/src/Controller/RealnameAutocompleteController.php
+++ b/src/Controller/RealnameAutocompleteController.php
@@ -89,8 +89,20 @@ class RealnameAutocompleteController extends EntityAutocompleteController {
       if ($include_anonymous == FALSE) {
         $query->condition('u.uid', 0, '>');
       }
+
+      // Filter by role.
+      if (isset($selection_settings['filter']['type']) && $selection_settings['filter']['type'] == 'role') {
+        $query->leftJoin('user__roles', 'r', 'u.uid = r.entity_id');
+        $query->condition('r.roles_target_id', array_filter($selection_settings['filter']['role']), 'IN');
+      }
+      // Adding the permission check is sadly insufficient for users: core
+      // requires us to also know about the concept of 'blocked' and 'active'.
+      if (!$this->currentUser()->hasPermission('administer users')) {
+        $query->condition('u.status', 1);
+      }
+
       $query->range(0, 10);
-      $uids = $query->execute()->fetchCol();
+      $uids = $query->distinct()->execute()->fetchCol();
       $accounts = User::loadMultiple($uids);
 
       /* @var $account User */