From 9c397dfbc58ce43a2146a63f8d5701ba61ee3e63 Mon Sep 17 00:00:00 2001
From: Jonathan DeMasi
Date: Sat, 24 Jan 2026 19:17:20 -0700
Subject: [PATCH] rework schemas

---
 .../openldap_server/tasks/files/openssh.ldif | 16 +++++++
 .../openldap_server/tasks/files/sudo.ldif | 42 +++++++++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 ansible/roles/openldap_server/tasks/files/openssh.ldif
 create mode 100644 ansible/roles/openldap_server/tasks/files/sudo.ldif

diff --git a/ansible/roles/openldap_server/tasks/files/openssh.ldif b/ansible/roles/openldap_server/tasks/files/openssh.ldif
new file mode 100644
index 0000000..cf8c9f7
--- /dev/null
+++ b/ansible/roles/openldap_server/tasks/files/openssh.ldif
@@ -0,0 +1,16 @@
+dn: cn=openssh,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: openssh
+
+olcAttributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13
+ NAME 'sshPublicKey'
+ DESC 'OpenSSH Public key'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+olcObjectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0
+ NAME 'ldapPublicKey'
+ DESC 'OpenSSH LPK object class'
+ SUP top
+ AUXILIARY
+ MAY ( sshPublicKey ) )
diff --git a/ansible/roles/openldap_server/tasks/files/sudo.ldif b/ansible/roles/openldap_server/tasks/files/sudo.ldif
new file mode 100644
index 0000000..ee479be
--- /dev/null
+++ b/ansible/roles/openldap_server/tasks/files/sudo.ldif
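Review bot: openssh.ldif carries no comment saying where its definitions come from, whereas sudo.ldif in the same patch labels each section; add `# OpenSSH LPK schema: sshPublicKey attribute and the ldapPublicKey auxiliary class` above the first olcAttributeTypes line so the 1.3.6.1.4.1.24552 OIDs can be traced to the upstream openssh-lpk schema. Because ldapPublicKey is AUXILIARY with `MAY ( sshPublicKey )`, the attribute can be attached to any entry a bind DN is permitted to write, and a writable sshPublicKey is in effect a login credential for whatever consumes it via AuthorizedKeysCommand. The olcAccess rules that limit write access to sshPublicKey are not part of this patch, so presumably they live elsewhere in the role; worth confirming before this schema is loaded. The hunk is a complete new file.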
@@ -0,0 +1,42 @@
+dn: cn=sudo,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: sudo
+
+# Attribute definitions for sudo
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.1
+ NAME 'sudoUser'
+ DESC 'SudoUser'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.2
+ NAME 'sudoHost'
+ DESC 'SudoHost'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.3
+ NAME 'sudoCommand'
+ DESC 'SudoCommand'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.4
+ NAME 'sudoRunAs'
+ DESC 'SudoRunAs'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.5
+ NAME 'sudoOption'
+ DESC 'SudoOption'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# sudoRole objectClass definition
+olcObjectClasses: ( 1.3.6.1.4.1.15953.9.1.6
+ NAME 'sudoRole'
+ DESC 'Sudo Role'
+ SUP top
+ AUXILIARY
+ MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption ) )
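Review bot: All five sudo attributes are declared with `EQUALITY caseIgnoreMatch` on Directory String syntax, so server-side equality filters on sudoUser, sudoHost and sudoCommand match case-insensitively, whereas the upstream sudo schema (schema.OpenLDAP) defines them with caseExactIA5Match on IA5 String syntax 1.3.6.1.4.1.1466.115.121.1.26; Unix user names, host names and command paths are case-sensitive, so with this schema a sudoRole written for one account name can be returned by the directory for a differently-cased one, and the directory's matching disagrees with the comparison sudo itself performs. The sudoRole object class also departs from upstream: it is given OID 1.3.6.1.4.1.15953.9.1.6, which upstream assigns to the sudoRunAsUser attribute, and is AUXILIARY instead of STRUCTURAL with MUST cn under 1.3.6.1.4.1.15953.9.2.1, so adding the upstream sudoRunAsUser, sudoRunAsGroup or sudoOrder attributes later would collide on the OID. The definitions below follow the upstream schema for matching rules, syntax and the object class; if any sudoRole entries already exist they would need re-checking, since the class becomes STRUCTURAL and requires cn. sudoRunAs is deprecated upstream in favour of sudoRunAsUser/sudoRunAsGroup but is left as the commit has it.

```ldif
# … unchanged: dn, objectClass and cn header …

# Attribute definitions for sudo (matching rules and syntax as in upstream schema.OpenLDAP)
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.1
 NAME 'sudoUser'
 DESC 'SudoUser'
 EQUALITY caseExactIA5Match
 SUBSTR caseExactIA5SubstringsMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.2
 NAME 'sudoHost'
 DESC 'SudoHost'
 EQUALITY caseExactIA5Match
 SUBSTR caseExactIA5SubstringsMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.3
 NAME 'sudoCommand'
 DESC 'SudoCommand'
 EQUALITY caseExactIA5Match
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.4
 NAME 'sudoRunAs'
 DESC 'SudoRunAs'
 EQUALITY caseExactIA5Match
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.5
 NAME 'sudoOption'
 DESC 'SudoOption'
 EQUALITY caseExactIA5Match
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# sudoRole objectClass definition (upstream OID and kind; cn is required)
olcObjectClasses: ( 1.3.6.1.4.1.15953.9.2.1
 NAME 'sudoRole'
 DESC 'Sudo Role'
 SUP top
 STRUCTURAL
 MUST ( cn )
 MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption ) )
```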