I added the following to my schema directory: dn: cn=schema attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
[...etc...]
and referenced it in slapd.conf as: include /etc/openldap/schema/sudoers.schema
This looks like you're mixing a classic config file and a back-config configuration. My guess is you need to include sudoers.schema using back-config.
On reviewing the list of available objectClasses with the GQ application, I can't find the objectClass sudoRole, although I _can_ find the five attributes, in the attribute list.
Eh, or maybe there's something worse going on...
I also can't figure out how to dump the schemas with ldapsearch or any other command, so I can check to see for myself what's in there.
All gq is doing is searching under "cn=Subschema" base. You can do that with ldapsearch.
Your real debugging maneuver, assuming you're in a position to do this, is to restart slapd with "-d config" debug option.