diff --git a/ansible/roles/openldap_server/tasks/files/sudo.ldif b/ansible/roles/openldap_server/tasks/files/sudo.ldif
new file mode 100644
index 0000000..8c1f4e3
--- /dev/null
+++ b/ansible/roles/openldap_server/tasks/files/sudo.ldif
@@ -0,0 +1,11 @@
+dn: cn=sudo,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: sudo
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo (deprecated)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcObjectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ description ) )
diff --git a/ansible/roles/openldap_server/tasks/schemas.yaml b/ansible/roles/openldap_server/tasks/schemas.yaml
index 5fd8a7c..eec2b5b 100644
--- a/ansible/roles/openldap_server/tasks/schemas.yaml
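Review bot: The sudoRole object class as committed defines no `sudoOrder`, `sudoNotBefore` or `sudoNotAfter` attribute types, which upstream sudo's schema.OpenLDAP carries under 1.3.6.1.4.1.15953.9.1.8, .9 and .10; with this schema slapd rejects any sudoRole entry that sets them, so rules cannot be ordered or time-bounded, and when two entries overlap (a narrow NOPASSWD rule beside a broad one, say) sudo applies them in whatever order the directory returns, which is not something an operator can rely on. If the reduced attribute set is deliberate, record it in the file with a leading LDIF comment line such as `# intentionally omits sudoOrder/sudoNotBefore/sudoNotAfter; rule precedence is undefined`. Otherwise add the three attribute types and extend the object class MAY list as below, which is the upstream definition and is backward-compatible with existing entries.
```ldif
# … unchanged: dn, objectClass, cn and the sudoUser … sudoRunAsGroup attribute types …
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
olcObjectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoOrder $ sudoNotBefore $ sudoNotAfter $ description ) )
```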
+++ b/ansible/roles/openldap_server/tasks/schemas.yaml @@ -24,13 +24,13 @@ args: creates: /etc/openldap/schema/.nis_loaded -#- name: Copy sudo schema into place -# copy: -# src: files/sudo.ldif -# dest: /etc/openldap/schema/sudo.ldif -# owner: ldap -# group: ldap -# mode: '0600' +- name: Copy sudo schema into place + copy: + src: files/sudo.ldif + dest: /etc/openldap/schema/sudo.ldif + owner: ldap + group: ldap + mode: '0600' # - name: Copy openssh schema into place copy: @@ -46,7 +46,7 @@ args: creates: "/etc/openldap/schema/.{{ item.name }}_loaded" loop: - #- { name: "sudo", file: "/etc/openldap/schema/sudo.ldif" } + - { name: "sudo", file: "/etc/openldap/schema/sudo.ldif" } - { name: "openssh", file: "/etc/openldap/schema/openssh.ldif" } loop_control: label: "{{ item.name }}" @@ -61,6 +61,6 @@ - { name: "cosine" } - { name: "inetorgperson" } - { name: "nis" } -# - { name: "sudo" } + - { name: "sudo" } - { name: "openssh" }
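Review bot: The newly enabled `- { name: "sudo", file: "/etc/openldap/schema/sudo.ldif" }` loop item is skipped by `creates: "/etc/openldap/schema/.{{ item.name }}_loaded"` as soon as that sentinel exists, so a later change to sudo.ldif is still copied by the task above but never applied to cn=config, and a sentinel that outlives a re-initialised slapd leaves the sudo schema silently absent while the play reports OK; the command the sentinel guards, and whatever writes the sentinel, are outside the hunk, so this is inferred from the `creates:` guard alone. A check against the directory itself is more robust: query `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config -LLL "(cn={*}{{ item.name }})" dn` in a registered, `changed_when: false` task and key the load on its output being empty instead of on the marker file. At minimum document the limitation next to the guard, e.g. `# sentinel only: an edited sudo.ldif is NOT re-applied until this file is removed`.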