docs: document NetWare 4.11 schema import plan

REDESIGN.md

@@ -986,6 +986,79 @@ Examples of setup-owned work:
 the local bootstrap path should avoid requiring a running LDAP server and should
 not make LDAP the canonical internal representation.
 
+### NetWare 4.11 schema acquisition and import
+
+The future NetWare 4.x directory schema should not be invented from memory or
+from a small sample file.  Real NetWare 4.11 installations appear to carry more
+complete schema material than the standalone `*.SCH` examples.  Some schema
+fragments, such as `NLS.SCH`, are useful format samples: they are readable ASN.1-
+style schema definition files containing `ATTRIBUTE` and `OBJECT-CLASS` blocks,
+`SyntaxID`, `Flags`, `SubClassOf`, `ContainedBy`, `NamedBy`, `MustContain`,
+`MayContain`, and `ASN1ObjID` fields.  However, such files should be treated as
+partial extension/schema examples, not as the canonical complete 4.11 schema.
+
+The initial canonical schema source should come from a real NetWare 4.11
+installation.  If the complete schema is embedded in installer data such as
+`install.dat`, the acquisition path should be documented and reproduced rather
+than guessed:
+
+```text
+NetWare 4.11 install media / installed server
+  -> extract or export complete NDS schema material
+  -> inspect native schema records and standalone .SCH fragments
+  -> convert/import through nwsetup
+  -> libdirectory schema objects
+  -> libflaim-backed store
+```
+
+`nwsetup` should eventually support both a native NetWare 4.11 schema import path
+and an LDIF import/export path:
+
+```text
+nwsetup directory import-schema --format=netware411 <schema-source>
+nwsetup directory import-schema --format=ldif       <schema.ldif>
+nwsetup directory export-schema --format=ldif      > schema.ldif
+```
+
+LDIF remains valuable because it is readable, diffable, testable, and useful for
+interoperability with the LDAP-facing `nwdirectory` service.  It should not be
+the only possible source of truth.  Once the native NetWare 4.11 schema format is
+understood, a native reader can avoid conversion loss and can preserve
+NetWare-specific syntax IDs, flags, naming rules, containment rules, and class
+relationships before they are mapped into `libdirectory`.
+
+The import implementation should live below `nwsetup`, not inside protocol
+handlers:
+
+```text
+nwsetup
+  -> schema import layer
+       -> NetWare 4.11/native schema reader
+       -> .SCH fragment reader
+       -> LDIF reader/writer
+  -> libdirectory schema API
+  -> libflaim
+```
+
+The schema import layer must record provenance.  Imported schema sets should be
+versioned with at least the source system, source file/archive, NetWare version,
+import tool version, and conversion warnings.  This makes it possible to compare
+a later extracted 4.11 schema against the current mars-nwe schema without
+pretending that hand-written defaults are authoritative.
+
+Open questions that should stay explicit until real 4.11 media has been
+inspected:
+
+- exact native schema storage format inside `install.dat` or the installed tree;
+- whether all core classes/attributes are present as ASN.1-like `.SCH` text,
+  binary records, or both;
+- mapping of NetWare/NDS syntax IDs to `libdirectory` internal syntaxes and LDAP
+  syntaxes;
+- preservation of NDS flags such as single-valued, container/effective class,
+  naming, containment, and mandatory/optional attribute sets;
+- how Bindery-compatibility object classes and attributes are represented in the
+  same schema store.
+
 ### Admin, Supervisor, and directory password bootstrap/recovery
 
 The future typed INI must not carry reusable plaintext passwords for Admin,