+%post -n openldap-schema-sudo
+%openldap_schema_register %{schemadir}/sudo.schema -d core
+%service -q ldap restart
+%banner -o -e openldap-schema-sudo <<'EOF'
+NOTE:
+In order for sudoRole LDAP queries to be efficient, the server must index
+the attribute 'sudoUser', e.g.
+
+ # Indices to maintain
+ index sudoUser eq
+EOF
+
+%postun -n openldap-schema-sudo
+if [ "$1" = "0" ]; then
+ %openldap_schema_unregister %{schemadir}/sudo.schema
+ %service -q ldap restart
+fi
+
+%triggerpostun -- %{name} < 1:1.8.7-2
+# 1:1.7.8p2-5
+mv -f /var/run/sudo/* /var/db/sudo 2>/dev/null
+rmdir /var/run/sudo 2>/dev/null || :
+
+# 1:1.8.7-2
+# add include statement to sudoers
+if ! grep -q '#includedir %{_sysconfdir}/sudoers.d' /etc/sudoers; then
+ echo 'Adding includedir %{_sysconfdir}/sudoers.d to /etc/sudoers'
+ cat <<-EOF >> /etc/sudoers
+ ## Read drop-in files from %{_sysconfdir}/sudoers.d
+ ## (the '#' here does not indicate a comment)
+ #includedir %{_sysconfdir}/sudoers.d
+ EOF
+fi
+
+%files -f %{name}.lang