AD: Implement a real getAccountDomain handler for the AD provider
After this patch, the AD provider drops the default getAccountDomain
handler in favor of the handler added in this patch.
The handler first checks if the domain is eligible for locating
the domain of an ID with the help of the Global Catalog at all, which
only happens if:
- the Global Catalog is enabled
- POSIX IDs are used, not ID-mapping
- the Global catalog contains some POSIX IDs
If all these hold true, then the Global Catalog is searched with
an empty search base, which searches the whole GC. If a single entry
is returned, its original DN is converted to a domain name and returned.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>