diff --git a/internal/core/user.go b/internal/core/user.go
index f45fdf7..4f93b37 100644
--- a/internal/core/user.go
+++ b/internal/core/user.go
@@ -76,7 +76,6 @@ func (u User) validateLocal(cfg *ValidationConfig) (errs errext.ErrorSet) {
 		MustBePosixAccountNameIf(u.LoginName, u.POSIX != nil),
 	))
 	errs.Add(ref.Field("given_name").WrapFirst(
-		MustNotBeEmpty(u.GivenName),
 		MustNotHaveSurroundingSpaces(u.GivenName),
 	))
 	errs.Add(ref.Field("family_name").WrapFirst(
diff --git a/internal/ldap/object.go b/internal/ldap/object.go
index d4e5c6f..1225084 100644
--- a/internal/ldap/object.go
+++ b/internal/ldap/object.go
@@ -73,7 +73,6 @@ func renderUser(u core.User, dnSuffix string, allGroups []core.Group) Object {
 			"uid":          {u.LoginName},
 			"cn":           {u.FullName()},
 			"sn":           {u.FamilyName},
-			"givenName":    {u.GivenName},
 			"userPassword": {u.PasswordHash},
 			"isMemberOf":   memberOfGroupDNames,
 			"objectClass":  {"portunusPerson", "inetOrgPerson", "organizationalPerson", "person", "top"},
@@ -83,6 +82,9 @@ func renderUser(u core.User, dnSuffix string, allGroups []core.Group) Object {
 	if u.EMailAddress != "" {
 		obj.Attributes["mail"] = []string{u.EMailAddress}
 	}
+	if u.GivenName != "" {
+		obj.Attributes["givenName"] = []string{u.GivenName}
+	}
 	if len(u.SSHPublicKeys) > 0 {
 		obj.Attributes["sshPublicKey"] = u.SSHPublicKeys
 	}