diff --git a/info.textgrid.middleware.tgauth.rbac/ldap-schemas/gridCertificateUser.schema b/info.textgrid.middleware.tgauth.rbac/ldap-schemas/gridCertificateUser.schema
new file mode 100644
index 0000000000000000000000000000000000000000..e76050f9ecb137a7f20bf525c399430137593923
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/ldap-schemas/gridCertificateUser.schema
@@ -0,0 +1,11 @@
+attributetype ( 1.3.6.1.4.1.10126.1.37.3.1
+	NAME 'gridX509subject'
+	DESC 'Distinguished name of the entity, in the form /C=DE/O=GridGermany/OU=DAASI/CN=Max User'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectClass ( 1.3.6.1.4.1.10126.1.37.4.1
+	NAME 'gridCertificateUser'
+	DESC 'X509 attributes for Grid users'
+	AUXILIARY
+	MAY ( gridX509subject ) )
diff --git a/info.textgrid.middleware.tgauth.rbac/ldap-schemas/rbac.schema b/info.textgrid.middleware.tgauth.rbac/ldap-schemas/rbac.schema
index e26be48fbeaf49ea7ab7b47fc105cdda16a33325..a6c9b7696b6ac2a5627c48b16d24d6acde9e0a27 100644
--- a/info.textgrid.middleware.tgauth.rbac/ldap-schemas/rbac.schema
+++ b/info.textgrid.middleware.tgauth.rbac/ldap-schemas/rbac.schema
@@ -55,6 +55,7 @@ attributetype ( 1.3.6.1.4.1.10126.1.23.1.3.8
 	NAME 'rbacDescription'
 	DESC 'Eine RBAC-spezifische Beschreibung'
 	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )