diff --git a/services/mailu/scripts/mailu_sync.py b/services/mailu/scripts/mailu_sync.py
index 001917a..71b0f5a 100644
--- a/services/mailu/scripts/mailu_sync.py
+++ b/services/mailu/scripts/mailu_sync.py
@@ -130,7 +130,9 @@ def kc_update_attributes(token, user, attributes):
     if not isinstance(current_attrs, dict):
         current_attrs = {}
     current_attrs.update(attributes)
-    resp = SESSION.put(user_url, headers=headers, json={"attributes": current_attrs}, timeout=20)
+    payload = _safe_update_payload(current_payload)
+    payload["attributes"] = current_attrs
+    resp = SESSION.put(user_url, headers=headers, json=payload, timeout=20)
     resp.raise_for_status()
     verify = SESSION.get(
         user_url,
@@ -144,6 +146,34 @@ def kc_update_attributes(token, user, attributes):
         raise Exception(f"attribute not persisted for {user.get('email') or user['username']}")
 
 
+def _safe_update_payload(user_payload: dict) -> dict:
+    payload: dict = {}
+    username = user_payload.get("username")
+    if isinstance(username, str):
+        payload["username"] = username
+    enabled = user_payload.get("enabled")
+    if isinstance(enabled, bool):
+        payload["enabled"] = enabled
+    email = user_payload.get("email")
+    if isinstance(email, str):
+        payload["email"] = email
+    email_verified = user_payload.get("emailVerified")
+    if isinstance(email_verified, bool):
+        payload["emailVerified"] = email_verified
+    first_name = user_payload.get("firstName")
+    if isinstance(first_name, str):
+        payload["firstName"] = first_name
+    last_name = user_payload.get("lastName")
+    if isinstance(last_name, str):
+        payload["lastName"] = last_name
+    actions = user_payload.get("requiredActions")
+    if isinstance(actions, list):
+        payload["requiredActions"] = [a for a in actions if isinstance(a, str)]
+    attrs = user_payload.get("attributes")
+    payload["attributes"] = attrs if isinstance(attrs, dict) else {}
+    return payload
+
+
 def random_password():
     alphabet = string.ascii_letters + string.digits
     return "".join(secrets.choice(alphabet) for _ in range(24))
diff --git a/services/maintenance/kustomization.yaml b/services/maintenance/kustomization.yaml
index b7fe46b..a86453e 100644
--- a/services/maintenance/kustomization.yaml
+++ b/services/maintenance/kustomization.yaml
@@ -26,7 +26,7 @@ resources:
 
 images:
   - name: registry.bstein.dev/bstein/ariadne
-    newTag: 0.1.0-5 # {"$imagepolicy": "maintenance:ariadne"}
+    newTag: 0.1.0-6 # {"$imagepolicy": "maintenance:ariadne"}
 
 configMapGenerator:
   - name: disable-k3s-traefik-script