Remove schema modifications from update files

As schema is now handled by the schema updater, these entries are superfluous. https://fedorahosted.org/freeipa/ticket/3454
author: Petr Viktorin <pviktori@redhat.com> 2013-04-26 15:32:10 +0200
committer: Petr Viktorin <pviktori@redhat.com> 2013-11-18 16:54:21 +0100
commit: d9a1c09e7c70af697676449dab6737da0a392f66 (patch)
tree: 8f1cc2a8fe60f9e9e89c6512cca3d2e5134bc841 /install
parent: b25f807fbfe0a4279a459c510f4efe9ad8a8a755 (diff)
download: freeipa-d9a1c09e7c70af697676449dab6737da0a392f66.tar.gz
freeipa-d9a1c09e7c70af697676449dab6737da0a392f66.tar.xz
freeipa-d9a1c09e7c70af697676449dab6737da0a392f66.zip
13 files changed, 1 insertions, 532 deletions
diff --git a/install/updates/10-60basev2.update b/install/updates/10-60basev2.update
deleted file mode 100644
index ff1f3da2..00000000
--- a/install/updates/10-60basev2.update
+++ /dev/null
@@ -1,22 +0,0 @@
-# Fix some problems with the original 60basev2 schema file.
-dn: cn=schema
-replace:attributeTypes:( 2.16.840.1.113730.3.8.3.1 NAME 'ipaUniqueID' DESC 'Unique identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.1 NAME 'ipaUniqueID' DESC 'Unique identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
-replace:attributeTypes: ( 2.16.840.1.113730.3.8.3.2 NAME 'ipaClientVersion' DESC 'Text string describing client version of the IPA software installed' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.2 NAME 'ipaClientVersion' DESC 'Text string describing client version of the IPA software installed' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
-replace:attributeTypes:( 2.16.840.1.113730.3.8.3.3 NAME 'enrolledBy' DESC 'DN of administrator who performed manual enrollment of the host' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.3 NAME 'enrolledBy' DESC 'DN of administrator who performed manual enrollment of the host' SUP distinguishedName X-ORIGIN 'IPA v2' )
-replace:attributeTypes:( 2.16.840.1.113730.3.8.3.4 NAME 'fqdn' DESC 'FQDN' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.4 NAME 'fqdn' DESC 'FQDN' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
-replace:attributeTypes:( 2.16.840.1.113730.3.8.3.18 NAME 'managedBy' DESC 'DNs of entries allowed to manage' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2')::( 2.16.840.1.113730.3.8.3.18 NAME 'managedBy' DESC 'DNs of entries allowed to manage' SUP distinguishedName X-ORIGIN 'IPA v2')
-replace:attributeTypes:( 2.16.840.1.113730.3.8.3.24 NAME 'ipaEntitlementId' DESC 'Entitlement Unique identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.24 NAME 'ipaEntitlementId' DESC 'Entitlement Unique identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
-replace:attributeTypes:( 2.16.840.1.113730.3.8.3.5 NAME 'memberUser' DESC 'Reference to a principal that performs an action (usually user).' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.5 NAME 'memberUser' DESC 'Reference to a principal that performs an action (usually user).' SUP distinguishedName X-ORIGIN 'IPA v2' )
-replace:attributeTypes:( 2.16.840.1.113730.3.8.3.6 NAME 'userCategory' DESC 'Additional classification for users' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.6 NAME 'userCategory' DESC 'Additional classification for users' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
-replace:attributeTypes:( 2.16.840.1.113730.3.8.3.7 NAME 'memberHost' DESC 'Reference to a device where the operation takes place (usually host).' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.7 NAME 'memberHost' DESC 'Reference to a device where the operation takes place (usually host).' SUP distinguishedName X-ORIGIN 'IPA v2' )
-replace:attributeTypes:( 2.16.840.1.113730.3.8.3.8 NAME 'hostCategory' DESC 'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.8 NAME 'hostCategory' DESC 'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
-replace:attributeTypes:( 2.16.840.1.113730.3.8.3.19 NAME 'serviceCategory' DESC 'Additional classification for services' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.19 NAME 'serviceCategory' DESC 'Additional classification for services' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
-replace:attributeTypes:( 2.16.840.1.113730.3.8.3.20 NAME 'memberService' DESC 'Reference to the pam service of this operation.' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.20 NAME 'memberService' DESC 'Reference to the pam service of this operation.' SUP distinguishedName X-ORIGIN 'IPA v2' )
-replace:attributeTypes:( 2.16.840.1.113730.3.8.3.25 NAME 'ipaPermissionType' DESC 'IPA permission flags' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.25 NAME 'ipaPermissionType' DESC 'IPA permission flags' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
-replace:attributeTypes: (2.16.840.1.113730.3.8.3.9 NAME 'ipaEnabledFlag' DESC 'The flag to show if the association is active or should be ignored' EQUALITY booleanMatch ORDERING booleanMatch SUBSTR booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.9 NAME 'ipaEnabledFlag' DESC 'The flag to show if the association is active or should be ignored' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA v2' )
-replace:attributeTypes:( 2.16.840.1.113730.3.8.3.11 NAME 'externalHost' DESC 'Multivalue string attribute that allows storing host names.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.11 NAME 'externalHost' DESC 'Multivalue string attribute that allows storing host names.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
-replace:attributeTypes:( 2.16.840.1.113730.3.8.3.12 NAME 'sourceHostCategory' DESC 'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.12 NAME 'sourceHostCategory' DESC 'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
-replace:attributeTypes:( 2.16.840.1.113730.3.8.3.13 NAME 'accessRuleType' DESC 'The flag to represent if it is allow or deny rule.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.13 NAME 'accessRuleType' DESC 'The flag to represent if it is allow or deny rule.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
-replace:attributeTypes:( 2.16.840.1.113730.3.8.3.14 NAME 'accessTime' DESC 'Access time' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.14 NAME 'accessTime' DESC 'Access time' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
-replace:attributeTypes: (2.16.840.1.113730.3.8.3.15 NAME 'nisDomainName' DESC 'NIS domain name.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.15 NAME 'nisDomainName' DESC 'NIS domain name.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
-replace:attributeTypes:( 2.16.840.1.113730.3.8.3.17 NAME 'hostCApolicy' DESC 'Policy on how to treat host requests for cert operations.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.3.17 NAME 'hostCApolicy' DESC 'Policy on how to treat host requests for cert operations.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v2' )
diff --git a/install/updates/10-60basev3.update b/install/updates/10-60basev3.update
deleted file mode 100644
index 476fa3ba..00000000
--- a/install/updates/10-60basev3.update
+++ /dev/null
@@ -1,22 +0,0 @@
-dn: cn=schema
-add:attributeTypes: ( 2.16.840.1.113730.3.8.11.20 NAME 'memberPrincipal' DESC 'Principal names member of a groupOfPrincipals group' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA-v3')
-add:attributeTypes: ( 2.16.840.1.113730.3.8.11.21 NAME 'ipaAllowToImpersonate' DESC 'Principals that can be impersonated' SUP distinguishedName X-ORIGIN 'IPA-v3')
-add:attributeTypes: ( 2.16.840.1.113730.3.8.11.22 NAME 'ipaAllowedTarget' DESC 'Target principals alowed to get a ticket for' SUP distinguishedName X-ORIGIN 'IPA-v3')
-add:objectClasses: (2.16.840.1.113730.3.8.12.6 NAME 'groupOfPrincipals' SUP top AUXILIARY MUST ( cn ) MAY ( memberPrincipal ) X-ORIGIN 'IPA v3' )
-add:objectClasses: (2.16.840.1.113730.3.8.12.7 NAME 'ipaKrb5DelegationACL' SUP groupOfPrincipals STRUCTURAL MAY ( ipaAllowToImpersonate $$ ipaAllowedTarget ) X-ORIGIN 'IPA v3' )
-add:attributeTypes: (2.16.840.1.113730.3.8.11.32 NAME 'ipaKrbPrincipalAlias' DESC 'IPA principal alias' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3')
-add:attributeTypes: (2.16.840.1.113730.3.8.11.37 NAME 'ipaKrbAuthzData' DESC 'type of PAC preferred by a service' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3')
-add:objectClasses: (2.16.840.1.113730.3.8.12.8 NAME 'ipaKrbPrincipal' SUP krbPrincipalAux AUXILIARY MUST ( krbPrincipalName $$ ipaKrbPrincipalAlias ) X-ORIGIN 'IPA v3' )
-replace:objectClasses: ( 2.16.840.1.113730.3.8.4.2 NAME 'ipaService' DESC 'IPA service objectclass' AUXILIARY MAY ( memberOf $$ managedBy ) X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.4.2 NAME 'ipaService' DESC 'IPA service objectclass' AUXILIARY MAY ( memberOf $$ managedBy $$ ipaKrbAuthzData) X-ORIGIN 'IPA v2' )
-replace:attributeTypes:( 2.16.840.1.113730.3.8.7.1 NAME 'memberAllowCmd' DESC 'Reference to a command or group of commands that are allowed by the rule.' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.7.1 NAME 'memberAllowCmd' DESC 'Reference to a command or group of commands that are allowed by the rule.' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
-replace:attributeTypes:( 2.16.840.1.113730.3.8.7.2 NAME 'memberDenyCmd' DESC 'Reference to a command or group of commands that are denied by the rule.' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )::( 2.16.840.1.113730.3.8.7.2 NAME 'memberDenyCmd' DESC 'Reference to a command or group of commands that are denied by the rule.' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
-add:attributeTypes: (2.16.840.1.113730.3.8.11.1 NAME 'ipaExternalMember' DESC 'External Group Member Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3' )
-add:objectClasses: (2.16.840.1.113730.3.8.12.1 NAME 'ipaExternalGroup' SUP top STRUCTURAL MUST ( cn ) MAY ( ipaExternalMember $$ memberOf $$ description $$ owner) X-ORIGIN 'IPA v3' )
-replace:objectClasses: (2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn ) MAY ( userPassword $$ ipaClientVersion $$ enrolledBy $$ memberOf ) X-ORIGIN 'IPA v2' )::(2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn ) MAY ( userPassword $$ ipaClientVersion $$ enrolledBy $$ memberOf $$ userClass ) X-ORIGIN 'IPA v2' )
-
-# Fix dc syntax (RFC 2247)
-replace:attributeTypes:"( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) DESC 'Standard LDAP attribute type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2247' )::( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) DESC 'Standard LDAP attribute type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC 2247' )"
-
-# Add ipaUserAuthType and ipaUserAuthTypeClass
-add:attributeTypes: (2.16.840.1.113730.3.8.11.40 NAME 'ipaUserAuthType' DESC 'Allowed authentication methods' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v3')
-add:objectclasses: (2.16.840.1.113730.3.8.12.19 NAME 'ipaUserAuthTypeClass' SUP top AUXILIARY DESC 'Class for authentication methods definition' MAY ipaUserAuthType X-ORIGIN 'IPA v3')
diff --git a/install/updates/10-70ipaotp.update b/install/updates/10-70ipaotp.update
deleted file mode 100644
index ad9e45ba..00000000
--- a/install/updates/10-70ipaotp.update
+++ /dev/null
@@ -1,25 +0,0 @@
-dn: cn=schema
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.1  NAME 'ipatokenUniqueID' DESC 'Token Unique Identifier' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.2  NAME 'ipatokenDisabled' DESC 'Optionally marks token as Disabled' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.3  NAME 'ipatokenNotBefore' DESC 'Token validity date' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.4  NAME 'ipatokenNotAfter' DESC 'Token expiration date' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.5  NAME 'ipatokenVendor' DESC 'Optional Vendor identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.6  NAME 'ipatokenModel' DESC 'Optional Model identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.7  NAME 'ipatokenSerial' DESC 'OTP Token Serial number' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.8  NAME 'ipatokenOTPkey' DESC 'OTP Token Key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.9  NAME 'ipatokenOTPalgorithm' DESC 'OTP Token Algorithm' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.10 NAME 'ipatokenOTPdigits' DESC 'OTP Token Number of digits' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.11 NAME 'ipatokenTOTPclockOffset' DESC 'TOTP clock offset' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.12 NAME 'ipatokenTOTPtimeStep' DESC 'TOTP time-step' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.13 NAME 'ipatokenOwner' DESC 'User entry that owns this token' SUP distinguishedName SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.14 NAME 'ipatokenRadiusUserName' DESC 'Corresponding Radius username' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.15 NAME 'ipatokenRadiusConfigLink' DESC 'Corresponding Radius Configuration link' SUP distinguishedName SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.16 NAME 'ipatokenRadiusServer' DESC 'Server String Configuration' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.17 NAME 'ipatokenRadiusSecret' DESC 'Server Secret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.18 NAME 'ipatokenRadiusTimeout' DESC 'Server Timeout' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.19 NAME 'ipatokenRadiusRetries' DESC 'Number of allowed Retries' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:attributeTypes: (2.16.840.1.113730.3.8.16.1.20 NAME 'ipatokenUserMapAttribute' DESC 'Attribute to map from the user entry for RADIUS server authentication' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA OTP')
-add:objectClasses:  (2.16.840.1.113730.3.8.16.2.1  NAME 'ipaToken' SUP top ABSTRACT DESC 'Abstract token class for tokens' MUST (ipatokenUniqueID) MAY (description $$ ipatokenOwner $$ ipatokenDisabled $$ ipatokenNotBefore $$ ipatokenNotAfter $$ ipatokenVendor $$ ipatokenModel $$ ipatokenSerial) X-ORIGIN 'IPA OTP')
-add:objectClasses:  (2.16.840.1.113730.3.8.16.2.2  NAME 'ipatokenTOTP' SUP ipaToken STRUCTURAL DESC 'TOTP Token Type' MAY (ipatokenOTPkey $$ ipatokenOTPalgorithm $$ ipatokenOTPdigits $$ ipatokenTOTPclockOffset $$ ipatokenTOTPtimeStep) X-ORIGIN 'IPA OTP')
-add:objectClasses:  (2.16.840.1.113730.3.8.16.2.3  NAME 'ipatokenRadiusProxyUser' SUP top AUXILIARY DESC 'Radius Proxy User' MUST (ipatokenRadiusConfigLink) MAY (ipatokenRadiusUserName) X-ORIGIN 'IPA OTP')
-add:objectClasses:  (2.16.840.1.113730.3.8.16.2.4  NAME 'ipatokenRadiusConfiguration' SUP top STRUCTURAL DESC 'Proxy Radius Configuration' MUST (cn $$ ipatokenRadiusServer $$ ipatokenRadiusSecret) MAY (description $$ ipatokenRadiusTimeout $$ ipatokenRadiusRetries $$ ipatokenUserMapAttribute) X-ORIGIN 'IPA OTP')
diff --git a/install/updates/10-RFC2307bis.update b/install/updates/10-RFC2307bis.update
deleted file mode 100644
index afb17bbf..00000000
--- a/install/updates/10-RFC2307bis.update
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-# Schema derived from RFC 2307bis:
-#	"An Approach for Using LDAP as a Network Information Service"
-# 
-dn: cn=schema
-add: attributeTypes:
-   ( 1.3.6.1.1.1.1.28 NAME 'nisPublickey' 
-     DESC 'nisPublickey'
-     EQUALITY caseIgnoreIA5Match
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-     X-ORIGIN 'RFC2307bis' )
-add:attributeTypes:
-   ( 1.3.6.1.1.1.1.29 NAME 'nisSecretkey'
-     DESC 'nisSecretkey'
-     EQUALITY caseIgnoreIA5Match
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-     X-ORIGIN 'RFC2307bis' )
-add:attributeTypes:
-   ( 1.3.6.1.4.1.1.1.1.12 NAME 'nisDomain'
-     DESC 'NIS domain'
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-     X-ORIGIN 'RFC2307bis' )
-add:attributeTypes:
-   ( 2.16.840.1.113730.3.1.30 NAME 'mgrpRFC822MailMember'
-     DESC 'mgrpRFC822MailMember'
-     EQUALITY caseIgnoreIA5Match
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-     X-ORIGIN 'RFC2307bis' )
-add:attributeTypes:
-   ( 1.3.6.1.4.1.42.2.27.1.1.12 NAME 'nisNetIdUser'
-     DESC 'nisNetIdUser'
-     EQUALITY caseExactIA5Match
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-     X-ORIGIN 'RFC2307bis' )
-add:attributeTypes:
-   ( 1.3.6.1.4.1.42.2.27.1.1.13 NAME 'nisNetIdGroup'
-     DESC 'nisNetIdGroup'
-     EQUALITY caseExactIA5Match
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-     X-ORIGIN 'RFC2307bis' )
-add:attributeTypes:
-   ( 1.3.6.1.4.1.42.2.27.1.1.14 NAME 'nisNetIdHost'
-     DESC 'nisNetIdHost'
-     EQUALITY caseExactIA5Match
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-     X-ORIGIN 'RFC2307bis' )
-add:objectClasses:
-   ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject'
-     DESC 'nisKeyObject' SUP top
-     MUST ( cn $$ nisPublickey $$ nisSecretkey )
-     MAY ( uidNumber $$ description ) )
-add:objectClasses:
-   ( 1.3.1.6.1.1.1.2.15 NAME 'nisDomainObject'
-     DESC 'nisDomainObject' SUP top AUXILIARY
-     MUST ( nisDomain ) )
-add:objectClasses:
-   ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup'
-     DESC 'mailGroup' SUP top
-     MUST ( mail )
-     MAY ( cn $$ mgrpRFC822MailMember ) )
-add:objectClasses:
-   ( 1.3.6.1.4.1.42.2.27.1.2.6 NAME 'nisNetId'
-     DESC 'nisNetId' SUP top
-     MUST ( cn )
-     MAY ( nisNetIdUser $$ nisNetIdGroup $$ nisNetIdHost ) )
diff --git a/install/updates/10-RFC4876.update b/install/updates/10-RFC4876.update
deleted file mode 100644
index 4ec6f839..00000000
--- a/install/updates/10-RFC4876.update
+++ /dev/null
@@ -1,146 +0,0 @@
-#
-# Schema more or less verbatim from RFC 4876:
-#	"A Configuration Profile Schema for Lightweight Directory Access
-#	 Protocol (LDAP)-Based Agents"
-#
-dn: cn=schema
-add:attributeTypes: 
-   ( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList'
-     DESC 'List of default servers'
-     EQUALITY caseIgnoreMatch
-     SUBSTR caseIgnoreSubstringsMatch
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-     SINGLE-VALUE 
-     X-ORIGIN 'RFC4876' )
-add:attributeTypes: 
-   ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase'
-     DESC 'Default base for searches'
-     EQUALITY distinguishedNameMatch
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-     SINGLE-VALUE 
-     X-ORIGIN 'RFC4876' )
-add:attributeTypes: 
-   ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList'
-     DESC 'List of preferred servers'
-     EQUALITY caseIgnoreMatch
-     SUBSTR caseIgnoreSubstringsMatch
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-     SINGLE-VALUE 
-     X-ORIGIN 'RFC4876' )
-add:attributeTypes: 
-   ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit'
-     DESC 'Maximum time an agent or service allows for a
-     search to complete'
-     EQUALITY integerMatch
-     ORDERING integerOrderingMatch
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-     SINGLE-VALUE 
-     X-ORIGIN 'RFC4876' )
-add:attributeTypes: 
-   ( 1.3.6.1.4.1.11.1.3.1.1.4 NAME 'bindTimeLimit'
-     DESC 'Maximum time an agent or service allows for a
-     bind operation to complete'
-     EQUALITY integerMatch
-     ORDERING integerOrderingMatch
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-     SINGLE-VALUE 
-     X-ORIGIN 'RFC4876' )
-add:attributeTypes: 
-   ( 1.3.6.1.4.1.11.1.3.1.1.5 NAME 'followReferrals'
-     DESC 'An agent or service does or should follow referrals'
-     EQUALITY booleanMatch
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-     SINGLE-VALUE 
-     X-ORIGIN 'RFC4876' )
-add:attributeTypes:" 
-   ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod'
-     DESC 'Identifies the types of authentication methods either
-     used, required, or provided by a service or peer'
-     EQUALITY caseIgnoreMatch
-     SUBSTR caseIgnoreSubstringsMatch
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-     SINGLE-VALUE 
-     X-ORIGIN 'RFC4876' )"
-add:attributeTypes:" 
-   ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL'
-     DESC 'Time to live, in seconds, before a profile is
-     considered stale'
-     EQUALITY integerMatch
-     ORDERING integerOrderingMatch
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-     SINGLE-VALUE 
-     X-ORIGIN 'RFC4876' )"
-add:attributeTypes:" 
-   ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap'
-     DESC 'Attribute mappings used, required, or supported by an
-     agent or service'
-     EQUALITY caseIgnoreIA5Match
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 
-     X-ORIGIN 'RFC4876' )"
-add:attributeTypes:" 
-   ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel'
-     DESC 'Identifies type of credentials either used, required,
-     or supported by an agent or service'
-     EQUALITY caseIgnoreIA5Match
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-     SINGLE-VALUE 
-     X-ORIGIN 'RFC4876' )"
-add:attributeTypes:" 
-   ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap'
-     DESC 'Object class mappings used, required, or supported by
-     an agent or service'
-     EQUALITY caseIgnoreIA5Match
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 
-     X-ORIGIN 'RFC4876' )"
-add:attributeTypes: 
-   ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope'
-     DESC 'Default scope used when performing a search'
-     EQUALITY caseIgnoreIA5Match
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-     SINGLE-VALUE 
-     X-ORIGIN 'RFC4876' )
-add:attributeTypes:" 
-   ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel'
-     DESC 'Specifies the type of credentials either used, required,
-     or supported by a specific service'
-     EQUALITY caseIgnoreIA5Match
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 
-     X-ORIGIN 'RFC4876' )"
-add:attributeTypes:" 
-   ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor'
-     DESC 'Specifies search descriptors required, used, or
-     supported by a particular service or agent'
-     EQUALITY caseExactMatch
-     SUBSTR caseExactSubstringsMatch
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
-     X-ORIGIN 'RFC4876' )"
-add:attributeTypes:" 
-   ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMethod'
-     DESC 'Specifies types authentication methods either
-     used, required, or supported by a particular service'
-     EQUALITY caseIgnoreMatch
-     SUBSTR caseIgnoreSubstringsMatch
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
-     X-ORIGIN 'RFC4876' )"
-add:attributeTypes:" 
-   ( 1.3.6.1.4.1.11.1.3.1.1.16 NAME 'dereferenceAliases'
-     DESC 'Specifies if a service or agent either requires,
-     supports, or uses dereferencing of aliases.'
-     EQUALITY booleanMatch
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-     SINGLE-VALUE 
-     X-ORIGIN 'RFC4876' )"
-add:objectClasses: 
-   ( 1.3.6.1.4.1.11.1.3.1.2.5 NAME 'DUAConfigProfile'
-     SUP top STRUCTURAL
-     DESC 'Abstraction of a base configuration for a DUA'
-     MUST ( cn )
-     MAY ( defaultServerList $$ preferredServerList $$
-           defaultSearchBase $$ defaultSearchScope $$
-           searchTimeLimit $$ bindTimeLimit $$
-           credentialLevel $$ authenticationMethod $$
-           followReferrals $$ dereferenceAliases $$
-           serviceSearchDescriptor $$ serviceCredentialLevel $$
-           serviceAuthenticationMethod $$ objectclassMap $$
-           attributeMap $$ profileTTL ) 
-     X-ORIGIN 'RFC4876' )
diff --git a/install/updates/10-bind-schema.update b/install/updates/10-bind-schema.update
deleted file mode 100644
index 2f3fa0ab..00000000
--- a/install/updates/10-bind-schema.update
+++ /dev/null
@@ -1,83 +0,0 @@
-#
-# New schema enhancements from:
-#       https://fedorahosted.org/bind-dyndb-ldap/browser/doc/schema
-#
-dn: cn=schema
-add:attributeTypes:
-    ( 2.16.840.1.113730.3.8.5.11
-      NAME 'idnsAllowQuery'
-      DESC 'BIND9 allow-query ACL element'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-      X-ORIGIN 'IPA v2')
-add:attributeTypes:
-    ( 2.16.840.1.113730.3.8.5.12
-      NAME 'idnsAllowTransfer'
-      DESC 'BIND9 allow-transfer ACL element'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-      X-ORIGIN 'IPA v2')
-add:attributeTypes:
-    ( 2.16.840.1.113730.3.8.5.13
-      NAME 'idnsAllowSyncPTR'
-      DESC 'permit synchronization of PTR records'
-      EQUALITY booleanMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-      SINGLE-VALUE
-      X-ORIGIN 'IPA v2' )
-add:attributeTypes:
-    ( 2.16.840.1.113730.3.8.5.14
-      NAME 'idnsForwardPolicy'
-      DESC 'forward policy: only or first'
-      EQUALITY caseIgnoreIA5Match
-      SUBSTR caseIgnoreIA5SubstringsMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-      X-ORIGIN 'IPA v2' )
-add:attributeTypes:
-    ( 2.16.840.1.113730.3.8.5.15
-      NAME 'idnsForwarders'
-      DESC 'list of forwarders'
-      EQUALITY caseIgnoreIA5Match
-      SUBSTR caseIgnoreIA5SubstringsMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      X-ORIGIN 'IPA v2' )
-add:attributeTypes:
-    ( 2.16.840.1.113730.3.8.5.16
-      NAME 'idnsZoneRefresh'
-      DESC 'zone refresh interval'
-      EQUALITY integerMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-      SINGLE-VALUE
-      X-ORIGIN 'IPA v2' )
-add:attributeTypes:
-    ( 2.16.840.1.113730.3.8.5.17
-      NAME 'idnsPersistentSearch'
-      DESC 'allow persistent searches'
-      EQUALITY booleanMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-      SINGLE-VALUE
-      X-ORIGIN 'IPA v2' )
-add:objectClasses:
-    ( 2.16.840.1.113730.3.8.6.2
-      NAME 'idnsConfigObject'
-      DESC 'DNS global config options'
-      STRUCTURAL
-      MAY ( idnsForwardPolicy $$ idnsForwarders $$ idnsAllowSyncPTR $$
-        idnsZoneRefresh $$ idnsPersistentSearch
-      ) )
-add:objectClasses:
-    ( 2.16.840.1.113730.3.8.12.18
-      NAME 'ipaDNSZone'
-      SUP top AUXILIARY
-      MUST idnsName
-      MAY managedBy
-      X-ORIGIN 'IPA v3' )
-
-dn: cn=schema
-replace:objectClasses:( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord STRUCTURAL MUST ( idnsZoneActive $$ idnsSOAmName $$ idnsSOArName $$ idnsSOAserial $$ idnsSOArefresh $$ idnsSOAretry $$ idnsSOAexpire $$ idnsSOAminimum ) MAY idnsUpdatePolicy )::( 2.16.840.1.113730.3.8.6.1 NAME 'idnsZone' DESC 'Zone class' SUP idnsRecord    STRUCTURAL MUST ( idnsName $$ idnsZoneActive $$ idnsSOAmName $$ idnsSOArName $$ idnsSOAserial $$ idnsSOArefresh $$ idnsSOAretry $$ idnsSOAexpire $$ idnsSOAminimum ) MAY ( idnsUpdatePolicy $$ idnsAllowQuery $$ idnsAllowTransfer $$ idnsAllowSyncPTR $$ idnsForwardPolicy $$ idnsForwarders ) )
-replace:attributeTypes:"(1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Terminal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)::( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Terminal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )"
-replace:attributeTypes: (0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)::( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-replace:objectClasses:"( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( cn $$ idnsAllowDynUpdate $$ DNSTTL $$ DNSClass $$ ARecord $$ AAAARecord $$ A6Record $$ NSRecord $$ CNAMERecord $$ PTRRecord $$ SRVRecord $$ TXTRecord $$ MXRecord $$ MDRecord $$ HINFORecord $$ MINFORecord $$ AFSDBRecord $$ SIGRecord $$ KEYRecord $$ LOCRecord $$ NXTRecord $$ NAPTRRecord $$ KXRecord $$ CERTRecord $$ DNAMERecord $$ DSRecord $$ SSHFPRecord $$ RRSIGRecord $$ NSECRecord ) )::( 2.16.840.1.113730.3.8.6.0 NAME 'idnsRecord' DESC 'dns Record, usually a host' SUP top STRUCTURAL MUST idnsName MAY ( idnsAllowDynUpdate $$ DNSTTL $$ DNSClass $$ ARecord $$ AAAARecord $$ A6Record $$ NSRecord $$ CNAMERecord $$ PTRRecord $$ SRVRecord $$ TXTRecord $$ MXRecord $$ MDRecord $$ HINFORecord $$ MINFORecord $$ AFSDBRecord $$ SIGRecord $$ KEYRecord $$ LOCRecord $$ NXTRecord $$ NAPTRRecord $$ KXRecord $$ CERTRecord $$ DNAMERecord $$ DSRecord $$ SSHFPRecord $$ RRSIGRecord $$ NSECRecord ) )"
diff --git a/install/updates/10-selinuxusermap.update b/install/updates/10-selinuxusermap.update
index c5a5167a..a7fbef46 100644
--- a/install/updates/10-selinuxusermap.update
+++ b/install/updates/10-selinuxusermap.update
@@ -1,47 +1,3 @@
-# Add the SELinux User map config schema
-dn: cn=schema
-add:attributeTypes:
-   ( 2.16.840.1.113730.3.8.3.26
-     NAME 'ipaSELinuxUserMapDefault'
-     DESC 'Default SELinux user'
-     EQUALITY caseIgnoreMatch
-     ORDERING caseIgnoreMatch
-     SUBSTR caseIgnoreSubstringsMatch
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
-     X-ORIGIN 'IPA v3')
-add:attributeTypes:
-   ( 2.16.840.1.113730.3.8.3.27
-     NAME 'ipaSELinuxUserMapOrder'
-     DESC 'Available SELinux user context ordering'
-     EQUALITY caseIgnoreMatch
-     ORDERING caseIgnoreMatch
-     SUBSTR caseIgnoreSubstringsMatch
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
-     X-ORIGIN 'IPA v3')
-replace:objectClasses:( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $$ ipaGroupSearchFields $$ ipaSearchTimeLimit $$ ipaSearchRecordsLimit $$ ipaCustomFields $$ ipaHomesRootDir $$ ipaDefaultLoginShell $$ ipaDefaultPrimaryGroup $$ ipaMaxUsernameLength $$ ipaPwdExpAdvNotify $$ ipaUserObjectClasses $$ ipaGroupObjectClasses $$ ipaDefaultEmailDomain $$ ipaMigrationEnabled $$ ipaCertificateSubjectBase ) )::( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $$ ipaGroupSearchFields $$ ipaSearchTimeLimit $$ ipaSearchRecordsLimit $$ ipaCustomFields $$ ipaHomesRootDir $$ ipaDefaultLoginShell $$ ipaDefaultPrimaryGroup $$ ipaMaxUsernameLength $$ ipaPwdExpAdvNotify $$ ipaUserObjectClasses $$ ipaGroupObjectClasses $$ ipaDefaultEmailDomain $$ ipaMigrationEnabled $$ ipaCertificateSubjectBase $$ ipaSELinuxUserMapDefault $$ ipaSELinuxUserMapOrder) )
-
-# Add the default PAC service type relies on the new SELinux user map
-# values being there so add it here.
-dn: cn=schema
-replace:objectClasses:( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $$ ipaGroupSearchFields $$ ipaSearchTimeLimit $$ ipaSearchRecordsLimit $$ ipaCustomFields $$ ipaHomesRootDir $$ ipaDefaultLoginShell $$ ipaDefaultPrimaryGroup $$ ipaMaxUsernameLength $$ ipaPwdExpAdvNotify $$ ipaUserObjectClasses $$ ipaGroupObjectClasses $$ ipaDefaultEmailDomain $$ ipaMigrationEnabled $$ ipaCertificateSubjectBase $$ ipaSELinuxUserMapDefault $$ ipaSELinuxUserMapOrder ) )::( 2.16.840.1.113730.3.8.2.1 NAME 'ipaGuiConfig' AUXILIARY MAY ( ipaUserSearchFields $$ ipaGroupSearchFields $$ ipaSearchTimeLimit $$ ipaSearchRecordsLimit $$ ipaCustomFields $$ ipaHomesRootDir $$ ipaDefaultLoginShell $$ ipaDefaultPrimaryGroup $$ ipaMaxUsernameLength $$ ipaPwdExpAdvNotify $$ ipaUserObjectClasses $$ ipaGroupObjectClasses $$ ipaDefaultEmailDomain $$ ipaMigrationEnabled $$ ipaCertificateSubjectBase $$ ipaSELinuxUserMapDefault $$ ipaSELinuxUserMapOrder $$ ipaKrbAuthzData) )
-
-# Add the SELinux User map schema
-add:attributeTypes:
-   ( 2.16.840.1.113730.3.8.11.30
-     NAME 'ipaSELinuxUser'
-     DESC 'An SELinux user'
-     EQUALITY caseIgnoreMatch
-     ORDERING caseIgnoreOrderingMatch
-     SUBSTR caseIgnoreSubstringsMatch
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
-     X-ORIGIN 'IPA v3')
-add:objectClasses:
-   ( 2.16.840.1.113730.3.8.12.10
-     NAME 'ipaSELinuxUserMap' SUP ipaAssociation
-     STRUCTURAL MUST ipaSELinuxUser
-     MAY ( accessTime $$ seeAlso )
-     X-ORIGIN 'IPA v3')
-
 # Create the SELinux User map container
 dn: cn=selinux,$SUFFIX
 default:objectClass: top
@@ -52,4 +8,3 @@ dn: cn=usermap,cn=selinux,$SUFFIX
 default:objectClass: top
 default:objectClass: nsContainer
 default:cn: usermap
-
diff --git a/install/updates/10-ssh.update b/install/updates/10-ssh.update
deleted file mode 100644
index 8e52d59f..00000000
--- a/install/updates/10-ssh.update
+++ /dev/null
@@ -1,21 +0,0 @@
-# Add the SSH schema
-dn: cn=schema
-add:attributeTypes:
-   ( 2.16.840.1.113730.3.8.11.31 NAME 'ipaSshPubKey'
-     DESC 'SSH public key'
-     EQUALITY octetStringMatch
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-     X-ORIGIN 'IPA v3' )
-add:objectClasses:
-   ( 2.16.840.1.113730.3.8.12.11 NAME 'ipaSshGroupOfPubKeys'
-     ABSTRACT
-     MAY ipaSshPubKey
-     X-ORIGIN 'IPA v3' )
-add:objectClasses:
-   ( 2.16.840.1.113730.3.8.12.12 NAME 'ipaSshUser'
-     SUP ipaSshGroupOfPubKeys AUXILIARY
-     X-ORIGIN 'IPA v3' )
-add:objectClasses:
-   ( 2.16.840.1.113730.3.8.12.13 NAME 'ipaSshHost'
-     SUP ipaSshGroupOfPubKeys AUXILIARY
-     X-ORIGIN 'IPA v3' )
diff --git a/install/updates/10-sudo.update b/install/updates/10-sudo.update
deleted file mode 100644
index a12da004..00000000
--- a/install/updates/10-sudo.update
+++ /dev/null
@@ -1,42 +0,0 @@
-# Update the SUDO schema
-# These are the deltas from the new Sudo Schema
-# This is required for updating older installs which are
-# missing the new attributes.
-dn: cn=schema
-add:attributeTypes:
-   ( 1.3.6.1.4.1.15953.9.1.6
-     NAME 'sudoRunAsUser'
-     DESC 'User(s) impersonated by sudo'
-     EQUALITY caseExactIA5Match
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-     X-ORIGIN 'SUDO' )
-add:attributeTypes: ( 1.3.6.1.4.1.15953.9.1.7
-     NAME 'sudoRunAsGroup'
-     DESC 'Group(s) impersonated by sudo'
-     EQUALITY caseExactIA5Match
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-     X-ORIGIN 'SUDO' )
-add:attributeTypes: ( 1.3.6.1.4.1.15953.9.1.8
-     NAME 'sudoNotBefore'
-     DESC 'Start of time interval for which the entry is valid'
-     EQUALITY generalizedTimeMatch
-     ORDERING generalizedTimeOrderingMatch
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-     X-ORIGIN 'SUDO' )
-add:attributeTypes: ( 1.3.6.1.4.1.15953.9.1.9
-     NAME 'sudoNotAfter'
-     DESC 'End of time interval for which the entry is valid'
-     EQUALITY generalizedTimeMatch
-     ORDERING generalizedTimeOrderingMatch
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-     X-ORIGIN 'SUDO' )
-add:attributeTypes: ( 1.3.6.1.4.1.15953.9.1.10
-     NAME 'sudoOrder'
-     DESC 'an integer to order the sudoRole entries'
-     EQUALITY integerMatch
-     ORDERING integerOrderingMatch
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-     X-ORIGIN 'SUDO' )
-replace:objectClasses:( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' DESC 'Sudoer Entries' STRUCTURAL MUST cn MAY ( sudoUser $$ sudoHost $$ sudoCommand $$ sudoRunAs $$ sudoOption $$ description ) X-ORIGIN 'SUDO' )::( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $$ sudoHost $$ sudoCommand $$ sudoRunAs $$ sudoRunAsUser $$ sudoRunAsGroup $$ sudoOption $$ sudoNotBefore $$ sudoNotAfter $$ sudoOrder $$ description ) X-ORIGIN 'SUDO')
-
-replace:objectClasses: ( 2.16.840.1.113730.3.8.8.1 NAME 'ipaSudoRule' SUP ipaAssociation STRUCTURAL MAY ( externalUser $$ externalHost $$ hostMask $$ memberAllowCmd $$ memberDenyCmd $$ cmdCategory $$ ipaSudoOpt $$ ipaSudoRunAs $$ ipaSudoRunAsExtUser $$ ipaSudoRunAsUserCategory $$ ipaSudoRunAsGroup $$ ipaSudoRunAsExtGroup $$ ipaSudoRunAsGroupCategory ) X-ORIGIN 'IPA v2' )::(2.16.840.1.113730.3.8.8.1 NAME 'ipaSudoRule' SUP ipaAssociation STRUCTURAL MAY ( externalUser $$ externalHost $$ hostMask $$ memberAllowCmd $$ memberDenyCmd $$ cmdCategory $$ ipaSudoOpt $$ ipaSudoRunAs $$ ipaSudoRunAsExtUser $$ ipaSudoRunAsUserCategory $$ ipaSudoRunAsGroup $$ ipaSudoRunAsExtGroup $$ ipaSudoRunAsGroupCategory $$ sudoNotBefore $$ sudoNotAfter $$ sudoOrder) X-ORIGIN 'IPA v2' )
diff --git a/install/updates/60-trusts.update b/install/updates/60-trusts.update
index 21356b3c..e0a289d4 100644
--- a/install/updates/60-trusts.update
+++ b/install/updates/60-trusts.update
@@ -1,32 +1,3 @@
-dn: cn=schema
-add:attributeTypes: (2.16.840.1.113730.3.8.11.2 NAME 'ipaNTSecurityIdentifier' DESC 'NT Security ID' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v3' )
-add:attributeTypes: (2.16.840.1.113730.3.8.11.23 NAME 'ipaNTTrustedDomainSID' DESC 'NT Trusted Domain Security ID' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v3' )
-add:attributeTypes: (2.16.840.1.113730.3.8.11.3 NAME 'ipaNTFlatName' DESC 'Flat/Netbios Name' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
-add:attributeTypes: (2.16.840.1.113730.3.8.11.4 NAME 'ipaNTFallbackPrimaryGroup' DESC 'Fallback Group to set the Primary group Security Identifier for users with UPGs' SUP distinguishedName X-ORIGIN 'IPA v3' )
-add:attributeTypes: (2.16.840.1.113730.3.8.11.5 NAME 'ipaNTHash' DESC 'NT Hash of user password' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'IPA v3' )
-add:attributeTypes: (2.16.840.1.113730.3.8.11.6 NAME 'ipaNTLogonScript' DESC 'User Logon Script Name' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
-add:attributeTypes: (2.16.840.1.113730.3.8.11.7 NAME 'ipaNTProfilePath' DESC 'User Profile Path' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
-add:attributeTypes: (2.16.840.1.113730.3.8.11.8 NAME 'ipaNTHomeDirectory' DESC 'User Home Directory Path' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
-add:attributeTypes: (2.16.840.1.113730.3.8.11.9 NAME 'ipaNTHomeDirectoryDrive' DESC 'User Home Drive Letter' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
-add:attributeTypes: (2.16.840.1.113730.3.8.11.10 NAME 'ipaNTDomainGUID' DESC 'NT Domain GUID' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'IPA v3' )
-add:attributeTypes: ( 2.16.840.1.113730.3.8.11.11 NAME 'ipaNTTrustType' DESC 'Type of trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-add:attributeTypes: ( 2.16.840.1.113730.3.8.11.12 NAME 'ipaNTTrustAttributes' DESC 'Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-add:attributeTypes: ( 2.16.840.1.113730.3.8.11.13 NAME 'ipaNTTrustDirection' DESC 'Direction of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-add:attributeTypes: ( 2.16.840.1.113730.3.8.11.14 NAME 'ipaNTTrustPartner' DESC 'Fully qualified name of the domain with which a trust exists' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-add:attributeTypes: ( 2.16.840.1.113730.3.8.11.15 NAME 'ipaNTTrustAuthOutgoing' DESC 'Authentication information for the outgoing portion of a trust' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
-add:attributeTypes: ( 2.16.840.1.113730.3.8.11.16 NAME 'ipaNTTrustAuthIncoming' DESC 'Authentication information for the incoming portion of a trust' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
-add:attributeTypes: ( 2.16.840.1.113730.3.8.11.17 NAME 'ipaNTTrustForestTrustInfo' DESC 'Forest trust information for a trusted domain object' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
-add:attributeTypes: ( 2.16.840.1.113730.3.8.11.18 NAME 'ipaNTTrustPosixOffset' DESC 'POSIX offset of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-add:attributeTypes: ( 2.16.840.1.113730.3.8.11.19 NAME 'ipaNTSupportedEncryptionTypes' DESC 'Supported encryption types of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-add:objectClasses: (2.16.840.1.113730.3.8.12.2 NAME 'ipaNTUserAttrs' SUP top AUXILIARY MUST ( ipaNTSecurityIdentifier ) MAY ( ipaNTHash $$ ipaNTLogonScript $$ ipaNTProfilePath $$ ipaNTHomeDirectory $$ ipaNTHomeDirectoryDrive ) X-ORIGIN 'IPA v3' )
-add:objectClasses: (2.16.840.1.113730.3.8.12.3 NAME 'ipaNTGroupAttrs' SUP top AUXILIARY MUST ( ipaNTSecurityIdentifier ) X-ORIGIN 'IPA v3' )
-add:objectClasses: (2.16.840.1.113730.3.8.12.4 NAME 'ipaNTDomainAttrs' SUP top AUXILIARY MUST ( ipaNTSecurityIdentifier $$ ipaNTFlatName $$ ipaNTDomainGUID ) MAY ( ipaNTFallbackPrimaryGroup ) X-ORIGIN 'IPA v3' )
-add:attributeTypes: ( 2.16.840.1.113730.3.8.11.38 NAME 'ipaNTSIDBlacklistIncoming' DESC 'Extra SIDs filtered out from incoming MS-PAC' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'IPA v3' )
-add:attributeTypes: ( 2.16.840.1.113730.3.8.11.39 NAME 'ipaNTSIDBlacklistOutgoing' DESC 'Extra SIDs filtered out from outgoing MS-PAC' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'IPA v3' )
-replace:objectClasses: (2.16.840.1.113730.3.8.12.5 NAME 'ipaNTTrustedDomain' SUP top STRUCTURAL DESC 'Trusted Domain Object' MUST ( cn ) MAY ( ipaNTTrustType $$ ipaNTTrustAttributes $$ ipaNTTrustDirection $$ ipaNTTrustPartner $$ ipaNTFlatName $$ ipaNTTrustAuthOutgoing $$ ipaNTTrustAuthIncoming $$ ipaNTSecurityIdentifier $$ ipaNTTrustForestTrustInfo $$ ipaNTTrustPosixOffset $$ ipaNTSupportedEncryptionTypes) )::(2.16.840.1.113730.3.8.12.5 NAME 'ipaNTTrustedDomain' SUP top STRUCTURAL DESC 'Trusted Domain Object' MUST ( cn ) MAY ( ipaNTTrustType $$ ipaNTTrustAttributes $$ ipaNTTrustDirection $$ ipaNTTrustPartner $$ ipaNTFlatName $$ ipaNTTrustAuthOutgoing $$ ipaNTTrustAuthIncoming $$ ipaNTTrustedDomainSID $$ ipaNTTrustForestTrustInfo $$ ipaNTTrustPosixOffset $$ ipaNTSupportedEncryptionTypes $$ ipaNTSIDBlacklistIncoming $$ ipaNTSIDBlacklistOutgoing) )
-replace:objectClasses: (2.16.840.1.113730.3.8.12.5 NAME 'ipaNTTrustedDomain' SUP top STRUCTURAL DESC 'Trusted Domain Object' MUST ( cn ) MAY ( ipaNTTrustType $$ ipaNTTrustAttributes $$ ipaNTTrustDirection $$ ipaNTTrustPartner $$ ipaNTFlatName $$ ipaNTTrustAuthOutgoing $$ ipaNTTrustAuthIncoming $$ ipaNTTrustedDomainSID $$ ipaNTTrustForestTrustInfo $$ ipaNTTrustPosixOffset $$ ipaNTSupportedEncryptionTypes) )::(2.16.840.1.113730.3.8.12.5 NAME 'ipaNTTrustedDomain' SUP top STRUCTURAL DESC 'Trusted Domain Object' MUST ( cn ) MAY ( ipaNTTrustType $$ ipaNTTrustAttributes $$ ipaNTTrustDirection $$ ipaNTTrustPartner $$ ipaNTFlatName $$ ipaNTTrustAuthOutgoing $$ ipaNTTrustAuthIncoming $$ ipaNTTrustedDomainSID $$ ipaNTTrustForestTrustInfo $$ ipaNTTrustPosixOffset $$ ipaNTSupportedEncryptionTypes $$ ipaNTSIDBlacklistIncoming $$ ipaNTSIDBlacklistOutgoing) )
-add:objectClasses: (2.16.840.1.113730.3.8.12.5 NAME 'ipaNTTrustedDomain' SUP top STRUCTURAL DESC 'Trusted Domain Object' MUST ( cn ) MAY ( ipaNTTrustType $$ ipaNTTrustAttributes $$ ipaNTTrustDirection $$ ipaNTTrustPartner $$ ipaNTFlatName $$ ipaNTTrustAuthOutgoing $$ ipaNTTrustAuthIncoming $$ ipaNTTrustedDomainSID $$ ipaNTTrustForestTrustInfo $$ ipaNTTrustPosixOffset $$ ipaNTSupportedEncryptionTypes $$ ipaNTSIDBlacklistIncoming $$ ipaNTSIDBlacklistOutgoing) )
-
 dn: cn=trust admins,cn=groups,cn=accounts,$SUFFIX
 default: objectClass: top
 default: objectClass: groupofnames
@@ -72,13 +43,3 @@ replace:aci:'(targetattr = "userPassword || krbPrincipalKey || sambaLMPassword |
 # Add the default PAC type to configuration
 dn: cn=ipaConfig,cn=etc,$SUFFIX
 addifnew: ipaKrbAuthzData: MS-PAC
-
-# Fix typo in some installs in the spelling of ORDERING. They were added
-# with a typo which was silently dropped by 389-ds-base, so add in the
-# proper ordering syntax now.
-replace:attributeTypes: (2.16.840.1.113730.3.8.11.3 NAME 'ipaNTFlatName' DESC 'Flat/Netbios Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' ) :: (2.16.840.1.113730.3.8.11.3 NAME 'ipaNTFlatName' DESC 'Flat/Netbios Name' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
-replace:attributeTypes: (2.16.840.1.113730.3.8.11.5 NAME 'ipaNTHash' DESC 'NT Hash of user password' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'IPA v3' ) :: (2.16.840.1.113730.3.8.11.5 NAME 'ipaNTHash' DESC 'NT Hash of user password' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'IPA v3' )
-replace:attributeTypes: (2.16.840.1.113730.3.8.11.6 NAME 'ipaNTLogonScript' DESC 'User Logon Script Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' ) :: (2.16.840.1.113730.3.8.11.6 NAME 'ipaNTLogonScript' DESC 'User Logon Script Name' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
-replace:attributeTypes: (2.16.840.1.113730.3.8.11.7 NAME 'ipaNTProfilePath' DESC 'User Profile Path' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' ) :: (2.16.840.1.113730.3.8.11.7 NAME 'ipaNTProfilePath' DESC 'User Profile Path' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
-replace:attributeTypes: (2.16.840.1.113730.3.8.11.8 NAME 'ipaNTHomeDirectory' DESC 'User Home Directory Path' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' ) :: (2.16.840.1.113730.3.8.11.8 NAME 'ipaNTHomeDirectory' DESC 'User Home Directory Path' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
-replace:attributeTypes: (2.16.840.1.113730.3.8.11.9 NAME 'ipaNTHomeDirectoryDrive' DESC 'User Home Drive Letter' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' ) :: (2.16.840.1.113730.3.8.11.9 NAME 'ipaNTHomeDirectoryDrive' DESC 'User Home Drive Letter' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'IPA v3' )
diff --git a/install/updates/62-ranges.update b/install/updates/62-ranges.update
index c2eb6dca..0248034e 100644
--- a/install/updates/62-ranges.update
+++ b/install/updates/62-ranges.update
@@ -1,15 +1,3 @@
-dn: cn=schema
-add:attributeTypes: (2.16.840.1.113730.3.8.11.33 NAME 'ipaBaseID' DESC 'First value of a Posix ID range' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v3' )
-add:attributeTypes: (2.16.840.1.113730.3.8.11.34 NAME 'ipaIDRangeSize' DESC 'Size of a Posix ID range' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v3' )
-add:attributeTypes: (2.16.840.1.113730.3.8.11.35 NAME 'ipaBaseRID' DESC 'First value of a RID range' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v3' )
-add:attributeTypes: (2.16.840.1.113730.3.8.11.36 NAME 'ipaSecondaryBaseRID' DESC 'First value of a secondary RID range' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'IPA v3' )
-add:attributeTypes: (2.16.840.1.113730.3.8.11.41 NAME 'ipaRangeType' DESC 'Range type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'IPA v3' )
-add:objectClasses: (2.16.840.1.113730.3.8.12.14 NAME 'ipaIDobject' SUP top AUXILIARY MAY ( uidNumber $$ gidNumber $$ ipaNTSecurityIdentifier ) X-ORIGIN 'IPA v3' )
-add:objectClasses: (2.16.840.1.113730.3.8.12.15 NAME 'ipaIDrange' ABSTRACT MUST ( cn $$ ipaBaseID $$ ipaIDRangeSize ) X-ORIGIN 'IPA v3' )
-add:objectClasses: (2.16.840.1.113730.3.8.12.16 NAME 'ipaDomainIDRange' SUP ipaIDrange STRUCTURAL MAY ( ipaBaseRID $$ ipaSecondaryBaseRID ) X-ORIGIN 'IPA v3' )
-add:objectClasses: (2.16.840.1.113730.3.8.12.17 NAME 'ipaTrustedADDomainRange' SUP ipaIDrange STRUCTURAL MUST ( ipaBaseRID $$ ipaNTTrustedDomainSID ) X-ORIGIN 'IPA v3' )
-replace:objectClasses: (2.16.840.1.113730.3.8.12.15 NAME 'ipaIDrange' ABSTRACT MUST ( cn $$ ipaBaseID $$ ipaIDRangeSize ) X-ORIGIN 'IPA v3' )::(2.16.840.1.113730.3.8.12.15 NAME 'ipaIDrange' ABSTRACT MUST ( cn $$ ipaBaseID $$ ipaIDRangeSize $$ ipaRangeType ) X-ORIGIN 'IPA v3' )
-
 dn: cn=ranges,cn=etc,$SUFFIX
 default: objectClass: top
 default: objectClass: nsContainer
@@ -35,4 +23,3 @@ default: nsslapd-basedn: $SUFFIX
 # Add new ipaIDobject to DNA plugin configuraton
 dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
 replace:dnaFilter:(|(objectclass=posixAccount)(objectClass=posixGroup))::(|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject))
-
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index 40c3b3c8..66f0cd57 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -2,17 +2,9 @@ NULL =
 
 appdir = $(IPA_DATA_DIR)/updates
 app_DATA =				\
-	10-60basev2.update		\
-	10-60basev3.update		\
-	10-70ipaotp.update		\
-	10-RFC2307bis.update		\
-	10-RFC4876.update		\
 	10-config.update		\
 	10-enable-betxn.update		\
 	10-selinuxusermap.update	\
-	10-sudo.update			\
-	10-ssh.update			\
-	10-bind-schema.update		\
 	10-uniqueness.update		\
 	10-schema_compat.update		\
 	19-managed-entries.update	\
diff --git a/install/updates/README b/install/updates/README
index 17528045..86ae17d4 100644
--- a/install/updates/README
+++ b/install/updates/README
@@ -9,7 +9,7 @@ of the DN to get the sorting correct.
 The file names should use the format #-<description>.update where # conforms
 to this:
 
-10 - 19: Schema
+10 - 19: Configuration
 20 - 29: 389-ds configuration, new indices
 30 - 39: Structual elements of the DIT
 40 - 49: Pre-loaded data
author	Petr Viktorin <pviktori@redhat.com>	2013-04-26 15:32:10 +0200
committer	Petr Viktorin <pviktori@redhat.com>	2013-11-18 16:54:21 +0100
commit	d9a1c09e7c70af697676449dab6737da0a392f66 (patch)
tree	8f1cc2a8fe60f9e9e89c6512cca3d2e5134bc841 /install
parent	b25f807fbfe0a4279a459c510f4efe9ad8a8a755 (diff)
download	freeipa-d9a1c09e7c70af697676449dab6737da0a392f66.tar.gz freeipa-d9a1c09e7c70af697676449dab6737da0a392f66.tar.xz freeipa-d9a1c09e7c70af697676449dab6737da0a392f66.zip