From b970a72da1218a8a774bc90cf70177bb982f6192 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Tue, 26 May 2020 15:59:40 +1000
Subject: [PATCH] acme: remove redundant schema file ACME LDAP schema has been extracted as a modify LDIF. I tested the FreeIPA schema update machinery and it works fine with a modify LDIF. So the other schema LDIF, which is not an update object but a plain entry, can be removed. We could do likewise for LWCA and profile schema, but that is for another day.
---
 base/server/share/conf/schema-acme.ldif | 84 -------------------
 .../upgrade/10.8.0/02-RemoveLDAPSetupFiles.py | 1 -
 2 files changed, 85 deletions(-)
 delete mode 100644 base/server/share/conf/schema-acme.ldif
diff --git a/base/server/share/conf/schema-acme.ldif b/base/server/share/conf/schema-acme.ldif
deleted file mode 100644
index d419f6ac9ef..00000000000
--- a/base/server/share/conf/schema-acme.ldif
+++ /dev/null
@@ -1,84 +0,0 @@
-dn: cn=schema
-attributeTypes: ( acmeExpires-oid NAME 'acmeExpires'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
- EQUALITY generalizedTimeMatch
- ORDERING generalizedTimeOrderingMatch
- SINGLE-VALUE )
-attributeTypes: ( acmeValidatedAt-oid NAME 'acmeValidatedAt'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
- EQUALITY generalizedTimeMatch
- ORDERING generalizedTimeOrderingMatch
- SINGLE-VALUE )
-attributeTypes: ( acmeStatus-oid NAME 'acmeStatus'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- EQUALITY caseIgnoreMatch
- SINGLE-VALUE )
-attributeTypes: ( acmeError-oid NAME 'acmeError'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-attributeTypes: ( acmeNonceValue-oid NAME 'acmeNonceValue'
- SUP name
- SINGLE-VALUE )
-attributeTypes: ( acmeAccountId-oid NAME 'acmeAccountId'
- SUP name
- SINGLE-VALUE )
-attributeTypes: ( acmeAccountContact-oid NAME 'acmeAccountContact'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch )
-attributeTypes: ( acmeAccountKey-oid NAME 'acmeAccountKey'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- SINGLE-VALUE )
-attributeTypes: ( acmeOrderId-oid NAME 'acmeOrderId'
- SUP name
- SINGLE-VALUE )
-attributeTypes: ( acmeIdentifier-oid NAME 'acmeIdentifier'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- EQUALITY caseIgnoreMatch )
-attributeTypes: ( acmeAuthorizationId-oid NAME 'acmeAuthorizationId'
- SUP name )
-attributeTypes: ( acmeAuthorizationWildcard-oid NAME 'acmeAuthorizationWildcard'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- EQUALITY booleanMatch
- SINGLE-VALUE )
-attributeTypes: ( acmeChallengeId-oid NAME 'acmeChallengeId'
- SUP name
- SINGLE-VALUE )
-attributeTypes: ( acmeToken-oid NAME 'acmeToken'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-attributeTypes: ( acmeCertificateId-oid NAME 'acmeCertificateId'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
- EQUALITY caseExactMatch
- SINGLE-VALUE )
-objectClasses: ( acmeNonce-oid NAME 'acmeNonce'
- STRUCTURAL
- MUST ( acmeNonceValue $ acmeExpires ) )
-objectClasses: ( acmeAccount-oid NAME 'acmeAccount'
- STRUCTURAL
- MUST ( acmeAccountId $ acmeAccountKey $ acmeStatus )
- MAY acmeAccountContact )
-objectClasses: ( acmeOrder-oid NAME 'acmeOrder'
- STRUCTURAL
- MUST ( acmeOrderId $ acmeAccountId $ acmeStatus $ acmeIdentifier $ acmeAuthorizationId )
- MAY ( acmeError $ acmeCertificateId $ acmeExpires ) )
-objectClasses: ( acmeAuthorization-oid NAME 'acmeAuthorization'
- STRUCTURAL
- MUST ( acmeAuthorizationId $ acmeAccountId $ acmeIdentifier $ acmeAuthorizationWildcard $ acmeStatus )
- MAY acmeExpires )
-# Why have seperate object classes for different challenge types?
-# the dns-01 and http-01 challenge types both only store a 'token'.
-# But challenge types could involve storing other data. So we
-# define a different object class for each challenge type, and each
-# class specifies the challenge-specific attribute types.
-objectClasses: ( acmeChallenge-oid NAME 'acmeChallenge'
- ABSTRACT
- MUST ( acmeChallengeId $ acmeAccountId $ acmeAuthorizationId $ acmeStatus )
- MAY ( acmeValidatedAt $ acmeError ) )
-objectClasses: ( acmeChallengeDns01-oid NAME 'acmeChallengeDns01'
- SUP acmeChallenge
- STRUCTURAL
- MUST acmeToken )
-objectClasses: ( acmeChallengeHttp01-oid NAME 'acmeChallengeHttp01'
- SUP acmeChallenge
- STRUCTURAL
- MUST acmeToken )
diff --git a/base/server/upgrade/10.8.0/02-RemoveLDAPSetupFiles.py b/base/server/upgrade/10.8.0/02-RemoveLDAPSetupFiles.py
index 93d264de1d7..85ab1811d0f 100644
--- a/base/server/upgrade/10.8.0/02-RemoveLDAPSetupFiles.py
+++ b/base/server/upgrade/10.8.0/02-RemoveLDAPSetupFiles.py
@@ -36,7 +36,6 @@ def upgrade_instance(self, instance): filenames = [ 'schema-authority.ldif', 'schema-certProfile.ldif', - 'schema-acme.ldif', 'usn.ldif', ]