CACHE_REQ: Only search the given domain when looking up entries by UPN
    
    We were searching UPNs in the whole sysdb, which made cache_req think the
    result came in from the domain it was searching.
    
    The bug manifested when a user from a trusted domain was looked by UPN,
    then cache_req searched the main domain, the result from subdomain was
    considered as coming from the main domain and as a result, the getpwnam()
    output was not qualified. That is a problem, because PAM applications
    often sanitize the user with getpwnam, so effectively a login with UPN
    was shortened to just a shortname and failed.
    
    Reviewed-by: Sumit Bose <sbose@redhat.com>