--- sudo.schema.orig	2011-07-28 17:51:56.000000000 -0400
+++ sudo.schema	2011-07-28 17:53:22.000000000 -0400
@@ -1,5 +1,6 @@
 #
-#  schema file for sudo
+# OpenLDAP schema file for Sudo
+# Save as /etc/openldap/schema/sudo.schema
 #
 
 attributetype ( 1.3.6.1.4.1.15953.9.1.1
@@ -24,7 +25,7 @@
 
 attributetype ( 1.3.6.1.4.1.15953.9.1.4
 		NAME 'sudoRunAs'
-		DESC 'User(s) impersonated by sudo'
+		DESC 'User(s) impersonated by sudo (deprecated)'
 		EQUALITY caseExactIA5Match
 		SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 
@@ -34,11 +35,21 @@
 		EQUALITY caseExactIA5Match
 		SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 
+attributetype ( 1.3.6.1.4.1.15953.9.1.6
+		NAME 'sudoRunAsUser'
+		DESC 'User(s) impersonated by sudo'
+		EQUALITY caseExactIA5Match
+		SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.7
+		NAME 'sudoRunAsGroup'
+		DESC 'Group(s) impersonated by sudo'
+		EQUALITY caseExactIA5Match
+		SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
 objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
 		DESC 'Sudoer Entries'
 		MUST ( cn )
-		MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption $
+		MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $
 			description )
 	    )
-
-
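Review bot: The new `sudoRunAsUser` and `sudoRunAsGroup` definitions carry no comment, while `sudoRunAs` stays in the `sudoRole` MAY list and is marked deprecated only in its DESC text in the earlier hunk, so the file never says which attribute replaces it. I would add a comment above the first new definition, e.g. `# sudoRunAsUser replaces the deprecated sudoRunAs; sudoRunAsGroup names the group(s) a command may run as`. Because these attributes decide which identities a rule may run commands as, a second line is worth adding to remind administrators that directory ACLs must cover them: `# restrict write access to sudoRole entries: these attributes grant privileges`. How sudo resolves an entry that carries both `sudoRunAs` and `sudoRunAsUser` is not visible in this patch and should be confirmed against the sudo version in use before relying on the deprecated attribute being ignored.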
