+%post -n openldap-schema-sudo
+%openldap_schema_register %{schemadir}/sudo.schema -d core
+%service -q ldap restart
+
+%banner -e openldap-schema-sudo <<'EOF'
+# banner on first install
+if [ "$1" = "1" ]; the
+NOTE:
+In order for sudoRole LDAP queries to be efficient, the server must index
+the attribute 'sudoUser', e.g.
+
+ # Indices to maintain
+ index sudoUser eq
+EOF
+fi
+
+%postun -n openldap-schema-sudo
+if [ "$1" = "0" ]; then
+ %openldap_schema_unregister %{schemadir}/sudo.schema
+ %service -q ldap restart
+fi
+