diff --git a/ansible/roles/openldap_server/tasks/schemas.yaml b/ansible/roles/openldap_server/tasks/schemas.yaml
index eaeaf51..84bf3f5 100644
--- a/ansible/roles/openldap_server/tasks/schemas.yaml
+++ b/ansible/roles/openldap_server/tasks/schemas.yaml
@@ -24,14 +24,30 @@
   args:
     creates: /etc/openldap/schema/.nis_loaded
+- name: Copy sudo schema into place
+  copy:
+    src: files/sudo.ldif
+    dest: /etc/openldap/schema/sudo.ldif
+    owner: ldap
+    group: ldap
+    mode: '0600'
+
+- name: Copy openssh schema into place
+  copy:
+    src: files/openssh.ldif
+    dest: /etc/openldap/schema/openssh.ldif
+    owner: ldap
+    group: ldap
+    mode: '0600'
+
 - name: Ensure custom LDAP schemas (sudo + openssh) are loaded
   ansible.builtin.command: >
     ldapadd -Y EXTERNAL -H ldapi:/// -f {{ item.file }}
   args:
     creates: "/etc/openldap/schema/.{{ item.name }}_loaded"
   loop:
-    - { name: "sudo", file: "{{ playbook_dir }}/roles/openldap_server/tasks/files/sudo.ldif" }
-    - { name: "openssh", file: "{{ playbook_dir }}/roles/openldap_server/tasks/files/openssh.ldif" }
+    - { name: "sudo", file: "/etc/openldap/schema/sudo.ldif" }
+    - { name: "openssh", file: "/etc/openldap/schema/openssh.ldif" }
   loop_control:
     label: "{{ item.name }}"
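Review bot: The two new tasks use the short module name `copy:` while the task they feed uses the FQCN `ansible.builtin.command:`; for consistency and to avoid collection-name resolution surprises, write `ansible.builtin.copy:` in both. The `src: files/sudo.ldif` form appears to rely on Ansible also searching the task file's own directory (the removed loop entries pointed at `roles/openldap_server/tasks/files/`); the conventional location is the role's top-level `files/` directory with a bare `src: sudo.ldif`, which is worth confirming before relying on the current path. Note also that `creates: "/etc/openldap/schema/.{{ item.name }}_loaded"` still gates the ldapadd on a marker file that nothing in this hunk writes, so an updated ldif copied into /etc/openldap/schema will not be reloaded once the marker exists; if that is intended, a comment on the loop task such as `# schema files are loaded once; bump by removing the .<name>_loaded marker` would make it explicit. The nis task whose `args:` opens the hunk starts outside it.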