diff --git a/lib/tasks/ldap.rake b/lib/tasks/ldap.rake
index dcdebfe..3beb0e9 100644
--- a/lib/tasks/ldap.rake
+++ b/lib/tasks/ldap.rake
@@ -1,6 +1,6 @@
 namespace :ldap do
 desc "Reset the LDAP directory and set up base entries and default org"
- task setup: :environment do |t, args|
+ task setup: [:environment, :add_custom_attributes] do |t, args|
 ldap = LdapService.new
 ldap.delete_entry "cn=admin_role,ou=kosmos.org,cn=users,dc=kosmos,dc=org", true
@@ -19,6 +19,42 @@ namespace :ldap do
 }, true
 end
 
+ desc "Add custom attributes to schema"
+ task add_custom_attributes: :environment do |t, args|
+ %w[ admin service_enabled nostr_key ].each do |name|
+ Rake::Task["ldap:modify_ldap_schema"].invoke(name, "add")
+ Rake::Task['ldap:modify_ldap_schema'].reenable
+ end
+ end
+
+ desc "Delete custom attributes from schema"
+ task delete_custom_attributes: :environment do |t, args|
+ %w[ admin service_enabled nostr_key ].each do |name|
+ Rake::Task["ldap:modify_ldap_schema"].invoke(name, "delete")
+ Rake::Task['ldap:modify_ldap_schema'].reenable
+ end
+ end
+
+ desc "Modify LDAP schema"
+ task :modify_ldap_schema, [:name, :operation] => [:environment] do |t, args|
+ puts "Modify schema: #{args[:operation]} #{args[:name]}"
+
+ filename = "#{Rails.root}/schemas/ldap/#{args[:name]}.ldif"
+ ldif = YAML.safe_load(File.read(filename))
+ dn = ldif["dn"]
+ attribute = ldif["add"]
+ value = ldif[attribute]
+ operation = [ args[:operation].to_sym, attribute.to_sym, value ]
+
+ ldap = LdapService.new
+ res = ldap.modify dn, [ operation ]
+
+ if res != 0
+ puts "Result code: #{res}"
+ exit 1
+ end
+ end
+
 desc "List user domains/organizations"
 task list_organizations: :environment do |t, args|
 ldap = LdapService.new
diff --git a/schemas/ldap/admin.ldif b/schemas/ldap/admin.ldif
new file mode 100644
index 0000000..a667c8b
--- /dev/null
+++ b/schemas/ldap/admin.ldif
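Review bot: Making `:add_custom_attributes` a prerequisite of `setup` means the reset task now aborts before its own body runs whenever the schema already holds these attributeTypes: `modify_ldap_schema` calls `exit 1` on any non-zero result from `ldap.modify`, and an LDAP server will presumably reject adding an attributeType that is already present, while the entry deletions in `setup` do not touch schema definitions. A second `ldap:setup` against the same directory therefore likely fails unless `ldap:delete_custom_attributes` is run first; either document that next to `desc "Reset the LDAP directory and set up base entries and default org"` or make the prerequisite tolerant of an already-present attribute. The body of `setup` continues outside the hunk.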
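Review bot: `YAML.safe_load` is used to read an LDIF file in `modify_ldap_schema`; that works for the three schema files in this commit only because each happens to be YAML-shaped (one `key: value` per line, indented continuation lines folding into the `attributeTypes` scalar), and ordinary LDIF constructs such as a `::` base64 value, a `: ` inside a DESC or a second `add:` block will likely fail to parse or yield a different value than an LDIF reader would. A comment above that line, e.g. `# NOTE: schema files are read as YAML, not LDIF: one attribute per file, no ': ' or '::' inside values`, would make the constraint visible to whoever adds the next schema file. `args[:operation].to_sym` is passed to `ldap.modify` unchecked; a guard such as `raise ArgumentError, "operation must be add or delete" unless %w[add delete].include?(args[:operation])` fails fast on a typo before the directory is touched. Finally, `exit 1` on a non-zero result ends the whole process from inside a task that `add_custom_attributes` invokes in a loop, so the remaining attributes are never attempted and nothing can rescue it; `abort "Result code: #{res}"` keeps the exit status while making the intent explicit, or raising would let the caller decide.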
@@ -0,0 +1,9 @@
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( 1.3.6.1.4.1.61554.1.1.2.1.1
+ NAME 'admin'
+ DESC 'Admin flag'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
diff --git a/schemas/ldap/nostr_key.ldif b/schemas/ldap/nostr_key.ldif
new file mode 100644
index 0000000..22e7510
--- /dev/null
+++ b/schemas/ldap/nostr_key.ldif
@@ -0,0 +1,9 @@
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( 1.3.6.1.4.1.61554.1.1.2.1.21
+ NAME 'nostrKey'
+ DESC 'Nostr public key'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
diff --git a/schemas/ldap/service_enabled.ldif b/schemas/ldap/service_enabled.ldif
new file mode 100644
index 0000000..7f80d4b
--- /dev/null
+++ b/schemas/ldap/service_enabled.ldif
@@ -0,0 +1,8 @@
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( 1.3.6.1.4.1.61554.1.1.2.1.2
+ NAME 'serviceEnabled'
+ DESC 'Services enabled for account'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )