diff --git a/src/authentic2/backends/ldap_backend.py b/src/authentic2/backends/ldap_backend.py
index 840c0e669..400a93ce5 100644
--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -1370,7 +1370,10 @@ class LDAPBackend(object):
             if ':' in attribute:
                 attribute, param = attribute.split(':')
                 quote = 'noquote' not in param.split(',')
-            part = attributes[attribute]
+            try:
+                part = attributes[attribute]
+            except KeyError:
+                return None
             if isinstance(part, list):
                 part = part[0]
             if quote:
diff --git a/tests/test_ldap.py b/tests/test_ldap.py
index d2354a2ea..a7ccc7e27 100644
--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@@ -1744,3 +1744,10 @@ def test_switch_user_ldap_user(slapd, settings, app, db):
     assert app.session['_auth_user_backend'] == 'authentic2.backends.ldap_backend.LDAPBackendPasswordLost'
     template_user = response.context['user']
     assert 'carlicense' in template_user.get_attributes(object(), {})
+
+
+def test_build_external_id(slapd, settings, client, db):
+    backend = ldap_backend.LDAPBackend()
+
+    assert backend.build_external_id(['uid'], {'uid': 'john.doe'}) == 'john.doe'
+    assert backend.build_external_id(['uid'], {}) is None