diff --git a/roles/ldap-server/files/yubikey.schema b/roles/ldap-server/files/yubikey.schema
new file mode 100644
index 0000000..39b9df1
--- /dev/null
+++ b/roles/ldap-server/files/yubikey.schema
@@ -0,0 +1,30 @@
+#
+# YubiKey LDAP schema
+#
+# Author: Michal Ludvig
+# Consider a small PayPal donation:
+# http://logix.cz/michal/devel/yubikey-ldap/
+#
+
+# Common Logix OID structure
+# 1.3.6.1.4.1.40789..<1=SNMP/2=LDAP>.<...>
+objectIdentifier lxYubiKeyPrj 1.3.6.1.4.1.40789.2012.11.1
+objectIdentifier lxYkSNMP lxYubiKeyPrj:1
+objectIdentifier lxYkLDAP lxYubiKeyPrj:2
+
+# YubiKey schema sub-tree
+objectIdentifier lxYkAttribute lxYkLDAP:1
+objectIdentifier lxYkObjectClass lxYkLDAP:2
+
+attributetype ( lxYkAttribute:1
+ NAME 'yubiKeyId'
+ DESC 'Yubico YubiKey ID'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
+objectclass ( lxYkObjectClass:1
+ NAME 'yubiKeyUser'
+ DESC 'Yubico YubiKey User'
+ SUP top
+ AUXILIARY
+ MAY ( yubiKeyId ) )
diff --git a/roles/ldap-server/tasks/main.yml b/roles/ldap-server/tasks/main.yml
index 66b8645..e783acc 100644
--- a/roles/ldap-server/tasks/main.yml
+++ b/roles/ldap-server/tasks/main.yml
@@ -159,6 +159,7 @@
 - kerberos.schema # centos krb5-server-ldap 1.15.1
 - openssh-lpk.schema # via google, no original source found
 - rfc2307bis.schema # rfc2307bis version 2
+ - yubikey.schema # http://logix.cz/michal/devel/yubikey-ldap/
 - samba.schema # centos samba 4.8.3
 notify: restart slapd
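Review bot: The comment on the new `yubikey.schema` list entry records only a plain-http URL, whereas most of the neighbouring entries name the package and version their schema was taken from, so the vendored copy cannot later be compared with upstream. I would record what was fetched and when, for example `- yubikey.schema # logix.cz yubikey-ldap, fetched <DATE>, sha256 <CHECKSUM>` (both placeholders to be filled in by the author). Separately, `yubiKeyId` is the value that ties a token to an account, and no access rule for it is visible in this diff; it is worth confirming that the role's slapd ACLs do not let users write that attribute on their own entry. The task this list belongs to starts and ends outside the hunk.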