diff --git a/src/Auth/Source/X509userCert.php b/src/Auth/Source/X509userCert.php
index 5825bf6..89c2a23 100644
--- a/src/Auth/Source/X509userCert.php
+++ b/src/Auth/Source/X509userCert.php
@@ -191,10 +191,14 @@ public function authenticate(array &$state): void
 
         if ($this->ldapusercert === null) {
             // do not check for certificate match
-            $attributes = array_intersect_key(
-                $entry->getAttributes(),
-                array_fill_keys(array_values($this->ldapConfig->getArray('attributes')), null),
-            );
+            if (is_null($this->ldapConfig->getOptionalArray('attributes',null))) {
+                $attributes = $entry->getAttributes();
+            } else {
+                $attributes = array_intersect_key(
+                    $entry->getAttributes(),
+                    array_fill_keys(array_values($this->ldapConfig->getArray('attributes')), null),
+                );
+            }
 
             $state['Attributes'] = $attributes;
             $this->authSuccesful($state);
@@ -232,10 +236,14 @@ public function authenticate(array &$state): void
             }
 
             if ($ldap_cert_data === $client_cert_data) {
-                $attributes = array_intersect_key(
-                    $entry->getAttributes(),
-                    array_fill_keys(array_values($this->ldapConfig->getArray('attributes')), null),
-                );
+		        if (is_null($this->ldapConfig->getOptionalArray('attributes',null))) {
+                    $attributes = $entry->getAttributes();
+                } else {
+                    $attributes = array_intersect_key(
+                        $entry->getAttributes(),
+                        array_fill_keys(array_values($this->ldapConfig->getArray('attributes')), null),
+                    );
+                }
                 $state['Attributes'] = $attributes;
                 $this->authSuccesful($state);