diff --git a/internal/outpost/ldap/entries.go b/internal/outpost/ldap/entries.go
index af389f27d..577027661 100644
--- a/internal/outpost/ldap/entries.go
+++ b/internal/outpost/ldap/entries.go
@@ -13,33 +13,16 @@ import (
 
 func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
 	dn := pi.GetUserDN(u.Username)
-	userValueMap := func(value []string) []string {
+	attrs := utils.AttributesToLDAP(u.Attributes, func(key string) string {
+		return utils.AttributeKeySanitize(key)
+	}, func(value []string) []string {
 		for i, v := range value {
 			if strings.Contains(v, "%s") {
 				value[i] = fmt.Sprintf(v, u.Username)
 			}
 		}
 		return value
-	}
-	attrs := utils.AttributesToLDAP(u.Attributes, func(key string) string {
-		return utils.AttributeKeySanitize(key)
-	}, userValueMap)
-	rawAttrs := utils.AttributesToLDAP(u.Attributes, func(key string) string {
-		return key
-	}, userValueMap)
-	// Only append attributes that don't already exist
-	// TODO: Remove in 2023.3
-	for _, rawAttr := range rawAttrs {
-		exists := false
-		for _, attr := range attrs {
-			if strings.EqualFold(attr.Name, rawAttr.Name) {
-				exists = true
-			}
-		}
-		if !exists {
-			attrs = append(attrs, rawAttr)
-		}
-	}
+	})
 
 	if u.IsActive == nil {
 		u.IsActive = api.PtrBool(false)
@@ -48,10 +31,6 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
 		u.Email = api.PtrString("")
 	}
 	attrs = utils.EnsureAttributes(attrs, map[string][]string{
-		// Old fields for backwards compatibility
-		"goauthentik.io/ldap/active":    {strconv.FormatBool(*u.IsActive)},
-		"goauthentik.io/ldap/superuser": {strconv.FormatBool(u.IsSuperuser)},
-		// End old fields
 		"ak-active":      {strconv.FormatBool(*u.IsActive)},
 		"ak-superuser":   {strconv.FormatBool(u.IsSuperuser)},
 		"memberOf":       pi.GroupsForUser(u),
diff --git a/internal/outpost/ldap/group/group.go b/internal/outpost/ldap/group/group.go
index dc48f4a39..0ad2d3915 100644
--- a/internal/outpost/ldap/group/group.go
+++ b/internal/outpost/ldap/group/group.go
@@ -2,7 +2,6 @@ package group
 
 import (
 	"strconv"
-	"strings"
 
 	"github.com/nmcclain/ldap"
 	"goauthentik.io/api/v3"
@@ -28,24 +27,6 @@ func (lg *LDAPGroup) Entry() *ldap.Entry {
 	}, func(value []string) []string {
 		return value
 	})
-	rawAttrs := utils.AttributesToLDAP(lg.Attributes, func(key string) string {
-		return key
-	}, func(value []string) []string {
-		return value
-	})
-	// Only append attributes that don't already exist
-	// TODO: Remove in 2023.3
-	for _, rawAttr := range rawAttrs {
-		exists := false
-		for _, attr := range attrs {
-			if strings.EqualFold(attr.Name, rawAttr.Name) {
-				exists = true
-			}
-		}
-		if !exists {
-			attrs = append(attrs, rawAttr)
-		}
-	}
 
 	objectClass := []string{constants.OCGroup, constants.OCGroupOfUniqueNames, constants.OCGroupOfNames, constants.OCAKGroup, constants.OCPosixGroup}
 	if lg.IsVirtualGroup {
@@ -53,9 +34,6 @@ func (lg *LDAPGroup) Entry() *ldap.Entry {
 	}
 
 	attrs = utils.EnsureAttributes(attrs, map[string][]string{
-		// Old fields for backwards compatibility
-		"goauthentik.io/ldap/superuser": {strconv.FormatBool(lg.IsSuperuser)},
-		// End old fields
 		"ak-superuser":   {strconv.FormatBool(lg.IsSuperuser)},
 		"objectClass":    objectClass,
 		"member":         lg.Member,
diff --git a/tests/e2e/test_provider_ldap.py b/tests/e2e/test_provider_ldap.py
index c3ba0ee86..083493123 100644
--- a/tests/e2e/test_provider_ldap.py
+++ b/tests/e2e/test_provider_ldap.py
@@ -229,12 +229,6 @@ class TestProviderLDAP(SeleniumTestCase):
                         "homeDirectory": [
                             f"/home/{o_user.username}",
                         ],
-                        # Old fields for backwards compatibility
-                        "goauthentik.io/ldap/active": ["true"],
-                        "goauthentik.io/ldap/superuser": ["false"],
-                        "goauthentik.io/user/override-ips": ["true"],
-                        "goauthentik.io/user/service-account": ["true"],
-                        # End old fields
                         "ak-active": ["true"],
                         "ak-superuser": ["false"],
                         "goauthentikio-user-override-ips": ["true"],
@@ -264,12 +258,6 @@ class TestProviderLDAP(SeleniumTestCase):
                         "homeDirectory": [
                             f"/home/{embedded_account.username}",
                         ],
-                        # Old fields for backwards compatibility
-                        "goauthentik.io/ldap/active": ["true"],
-                        "goauthentik.io/ldap/superuser": ["false"],
-                        "goauthentik.io/user/override-ips": ["true"],
-                        "goauthentik.io/user/service-account": ["true"],
-                        # End old fields
                         "ak-active": ["true"],
                         "ak-superuser": ["false"],
                         "goauthentikio-user-override-ips": ["true"],
@@ -302,10 +290,6 @@ class TestProviderLDAP(SeleniumTestCase):
                         "homeDirectory": [
                             f"/home/{self.user.username}",
                         ],
-                        # Old fields for backwards compatibility
-                        "goauthentik.io/ldap/active": ["true"],
-                        "goauthentik.io/ldap/superuser": ["true"],
-                        # End old fields
                         "ak-active": ["true"],
                         "ak-superuser": ["true"],
                         "extraAttribute": ["bar"],
diff --git a/website/docs/providers/ldap/index.md b/website/docs/providers/ldap/index.md
index aad32575c..30139774f 100644
--- a/website/docs/providers/ldap/index.md
+++ b/website/docs/providers/ldap/index.md
@@ -33,11 +33,6 @@ The following fields are currently sent for users:
 -   `ak-active`: "true" if the account is active, otherwise "false"
 -   `ak-superuser`: "true" if the account is part of a group with superuser permissions, otherwise "false"
 
-:::warning
-The use of the `goauthentik.io/ldap/active` and `goauthentik.io/ldap/superuser` attributes is deprecated as of authentik 2023.3. They will be removed completely in a future release.
-Use the replacements fields above instead.
-:::
-
 The following fields are current set for groups:
 
 -   `cn`: The group's name
diff --git a/website/docs/releases/2023/v2023.5.md b/website/docs/releases/2023/v2023.5.md
new file mode 100644
index 000000000..3bf7f8c1b
--- /dev/null
+++ b/website/docs/releases/2023/v2023.5.md
@@ -0,0 +1,40 @@
+---
+title: Release 2023.5
+slug: "/releases/2023.5"
+---
+
+## Breaking changes
+
+-   Removal of deprecated LDAP fields
+
+    This version removes the deprecated LDAP fields `goauthentik.io/ldap/active` and `goauthentik.io/ldap/superuser`.
+
+    Additionally, any custom fields based on user attributes will only be represented with their sanitized key, removing any slashes with dashes, and removing periods.
+
+## New features
+
+## Upgrading
+
+This release does not introduce any new requirements.
+
+### docker-compose
+
+Download the docker-compose file for 2023.5 from [here](https://goauthentik.io/version/2023.5/docker-compose.yml). Afterwards, simply run `docker-compose up -d`.
+
+### Kubernetes
+
+Update your values to use the new images:
+
+```yaml
+image:
+    repository: ghcr.io/goauthentik/server
+    tag: 2023.5.0
+```
+
+## Minor changes/fixes
+
+_Insert the output of `make gen-changelog` here_
+
+## API Changes
+
+_Insert output of `make gen-diff` here_