diff --git a/docs/releasenotes.rst b/docs/releasenotes.rst
index 4d2d41b5720dbd23bbe26d264b7b9d98ad756e9c..25630dbb8ba115018d887d50e06cd0717d952372 100644
--- a/docs/releasenotes.rst
+++ b/docs/releasenotes.rst
@@ -48,6 +48,9 @@ Upgraded to Ansible 10.4.x. Dropped support for Debian 11
 * TLSv1.3 is now enabled by default (with RFC-defined mandatory ciphers), in addition to TLSv1.2.
+ * Additional schema is enabled that introduces auxilliary object
+ class ``optionalCountry`` with optional ``countryName / c`` and
+ ``friendlyCountryName / co`` attributes. Useful for address books.
 * ``mail_server`` role
diff --git a/docs/rolereference.rst b/docs/rolereference.rst
index 4633788116a0b7a2246f3b86081564a2e33eefb0..5caa1691a96ea58d0ece5fd78b9e779c1f4a7306 100644
--- a/docs/rolereference.rst
+++ b/docs/rolereference.rst
@@ -601,6 +601,13 @@ The role implements the following:
 * Configures OpenLDAP server (base DN - domain, organisation, TLS, SSF, log levels).
 * Enables the ``misc`` LDAP schema (from ``/etc/ldap/schema/misc.ldif``). This is necessary for the mail server role.
+* Deploys and enables the ``optionalcountry`` LDAP schema that adds
+ auxilliary object class ``optionalCountry`` which allows two
+ optional attributes to be specified - ``countryName / c`` and
+ ``friendlyCountryName / co``. This is particularly useful for
+ address book functionality (for applications that use LDAP directory
+ as backend). No built-in object class seems to cover this particular
+ use-case.
 * Enables the ``memberof`` overlay on top of default database. The overlay is configured to keep track of membership changes for object class ``groupOfUniqueNames`` via attribute ``uniqueMember``. Enforcement of
diff --git a/roles/ldap_server/files/optionalcountry.ldif b/roles/ldap_server/files/optionalcountry.ldif
new file mode 100644
index 0000000000000000000000000000000000000000..448e84bfef70854964029d5b6a8debb17eb8da23
--- /dev/null
+++ b/roles/ldap_server/files/optionalcountry.ldif
@@ -0,0 +1,10 @@
+dn: cn=optionalcountry,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: optionalcountry
+olcObjectClasses: (
+ 1.3.6.1.4.1.40926.417.2.1
+ NAME 'optionalCountry'
+ DESC 'Optional country code and friendly country name'
+ SUP top AUXILIARY
+ MAY ( countryName $ friendlyCountryName )
+ )
diff --git a/roles/ldap_server/molecule/default/group_vars/parameters-optional.yml b/roles/ldap_server/molecule/default/group_vars/parameters-optional.yml
index 9fe2adc68486ace4fbf79901dc7880f9d46fb71f..18e80b9d103eafb6695b508b41e950f1962b7898 100644
--- a/roles/ldap_server/molecule/default/group_vars/parameters-optional.yml
+++ b/roles/ldap_server/molecule/default/group_vars/parameters-optional.yml
@@ -24,6 +24,24 @@ ldap_entries:
 uid: jane
 cn: Jane Doe
 sn: Doe
+ - dn: uid=blank-optional-country,dc=local
+ attributes:
+ objectClass:
+ - inetOrgPerson
+ - optionalCountry
+ uid: blank-optional-country
+ cn: Blank Optional Country
+ sn: Blank Optional Country
+ - dn: uid=optional-country,dc=local
+ attributes:
+ objectClass:
+ - inetOrgPerson
+ - optionalCountry
+ uid: optional-country
+ cn: Optional Country
+ sn: Optional Country
+ c: RS
+ co: Serbia
 ldap_permissions:
 - >
diff --git a/roles/ldap_server/molecule/default/tests/test_default.py b/roles/ldap_server/molecule/default/tests/test_default.py
index c40eba37ddf947e663700944c5113d468bae163d..989689754a958832a765daea6a912420d11b6115 100644
--- a/roles/ldap_server/molecule/default/tests/test_default.py
+++ b/roles/ldap_server/molecule/default/tests/test_default.py
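Review bot: The object class in the new file depends on attribute types it does not define: `countryName`/`c` comes from the core schema and `friendlyCountryName`/`co` from the cosine schema (RFC 4524), so the `ldapadd` of this file fails with an undefined attribute type if cosine is not loaded before it. The role's fixtures use `inetOrgPerson`, which suggests cosine is present on the target, but the LDIF itself does not record the dependency; a leading comment such as `# Requires the core (countryName/c) and cosine (friendlyCountryName/co) schemas to be loaded first.` would. The OID `1.3.6.1.4.1.40926.417.2.1` sits under a private enterprise arc, which only avoids collisions with other definitions if the project controls that arc; that ownership is not visible on this page.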
@@ -60,6 +60,18 @@ def test_misc_schema_presence(host):
 assert 'dn: cn={4}misc,cn=schema,cn=config' in misc_schema.stdout
+def test_optional_country_schema_presence(host):
+ """
+ Tests if the LDAP schema with object class for optional
+ country code/name has been imported.
+ """
+
+ with host.sudo():
+ country_schema = host.run('ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -b cn=config dn')
+ assert country_schema.rc == 0
+ assert 'dn: cn={5}optionalcountry,cn=schema,cn=config' in country_schema.stdout
+
+
 def test_memberof_module(host):
 """
 Tests if the memberof overlay has been enabled for the main database.
diff --git a/roles/ldap_server/molecule/default/tests/test_optional.py b/roles/ldap_server/molecule/default/tests/test_optional.py
index 481bdd0c3d2e3d7ad8291ba488640173ef5b1681..788c004018b1bf8ebbabbc237df9c115fafacdc4 100644
--- a/roles/ldap_server/molecule/default/tests/test_optional.py
+++ b/roles/ldap_server/molecule/default/tests/test_optional.py
@@ -219,9 +219,25 @@ objectClass: simpleSecurityObject
 userPassword:: amFuZXBhc3N3b3Jk
 cn: Jane Doe
 sn: Doe
-uid: jane""")
+uid: jane
- entries = host.run("ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -b dc=local '(|(entrydn=uid=john,dc=local)(entrydn=uid=jane,dc=local))'")
+dn: uid=blank-optional-country,dc=local
+objectClass: inetOrgPerson
+objectClass: optionalCountry
+uid: blank-optional-country
+cn: Blank Optional Country
+sn: Blank Optional Country
+
+dn: uid=optional-country,dc=local
+objectClass: inetOrgPerson
+objectClass: optionalCountry
+uid: optional-country
+cn: Optional Country
+sn: Optional Country
+c: RS
+co: Serbia""")
+
+ entries = host.run("ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -b dc=local '(objectClass=inetOrgPerson)'")
 assert entries.rc == 0
 assert parse_ldif(entries.stdout) == expected_entries
diff --git a/roles/ldap_server/tasks/main.yml b/roles/ldap_server/tasks/main.yml
index e1208169bc6310d1b2ad64c8c9be385f30556ae2..26506aff19d32ce2c0e311d634a61817eae31d6c 100644
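Review bot: The added assertion pins the schema's ordering prefix, `cn={5}optionalcountry`, but that index is assigned by the order in which schemas were inserted into `cn=config`, so the test breaks as soon as any schema is loaded before this one, while the role's own presence check in `tasks/main.yml` uses the glob `(cn={*}optionalcountry)` instead. Matching the same way keeps the test order-independent: `country_schema = host.run("ldapsearch -H ldapi:/// -Q -LLL -Y EXTERNAL -b cn=schema,cn=config -s one '(cn={*}optionalcountry)' dn")` followed by `assert 'optionalcountry,cn=schema,cn=config' in country_schema.stdout`. The existing `test_misc_schema_presence` above uses the same positional pattern, so this would be a deliberate departure from the file's current style.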
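Review bot: Replacing the `entrydn` filter with `(objectClass=inetOrgPerson)` turns the equality against `expected_entries` into an assertion that these are the only inetOrgPerson objects under `dc=local`, so any fixture or role-managed person entry added later fails this test even though it has nothing to do with the country attributes under test. Enumerating the DNs, `'(|(entrydn=uid=john,dc=local)(entrydn=uid=jane,dc=local)(entrydn=uid=blank-optional-country,dc=local)(entrydn=uid=optional-country,dc=local))'`, keeps the test scoped to the entries it declares (john is inferred from the old filter; its expected LDIF sits above the hunk). The enclosing test function and the start of the `expected_entries` literal are outside the hunk, and whether `parse_ldif` compares independently of result order is not visible here.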
--- a/roles/ldap_server/tasks/main.yml
+++ b/roles/ldap_server/tasks/main.yml
@@ -69,11 +69,29 @@
 register: ldap_misc_schema_present
 changed_when: false
-- name: Deploy LDAP misc schema
+- name: Apply LDAP misc schema
 ansible.builtin.command: "ldapadd -H ldapi:/// -Q -Y EXTERNAL -f /etc/ldap/schema/misc.ldif"
 when: not ldap_misc_schema_present.stdout
 changed_when: true # Always results in change due to task logic.
+- name: Deploy optional country schema definition
+ ansible.builtin.copy:
+ src: optionalcountry.ldif
+ dest: "/etc/ldap/schema/optionalcountry.ldif"
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: Test if optional country schema is present
+ ansible.builtin.command: "ldapsearch -H ldapi:/// -Q -LLL -A -Y EXTERNAL -b cn=schema,cn=config -s one '(cn={*}optionalcountry)' cn"
+ register: ldap_optionalcountry_schema_present
+ changed_when: false
+
+- name: Apply LDAP optional country schema
+ ansible.builtin.command: "ldapadd -H ldapi:/// -Q -Y EXTERNAL -f /etc/ldap/schema/optionalcountry.ldif"
+ when: not ldap_optionalcountry_schema_present.stdout
+ changed_when: true # Always results in change due to task logic.
+
 # Technically, the only thing this does is pick the size of DH
 # parameters to use, with GnuTLS (against which slapd is linked
 # against under Debian) picking a matching DH parameter from RFC-7919
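Review bot: `Apply LDAP optional country schema` runs only while the presence check returns nothing, so after the first import any edit to `optionalcountry.ldif` is still copied to `/etc/ldap/schema/optionalcountry.ldif` by `Deploy optional country schema definition` but never reaches `cn=config`, and the file on disk and the live schema diverge silently. Updating an already-imported definition needs an `ldapmodify` of the existing `cn={n}optionalcountry,cn=schema,cn=config` entry, which this play does not attempt. A comment on the apply task, `# Imports the schema only when missing; changes to an already-imported definition must be applied with ldapmodify.`, would record that limitation for operators. The `when:` plus `changed_when: true` pairing mirrors the existing misc schema tasks, so the behaviour is at least consistent within the file.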