AD: Use the right sdap_domain for the forest root
Each ad_id_ctx structure which represents a trusted AD domain contains a
list of sdap_domain structures representing all the other domains. This
is used to e.g. be able to reach another domain's ad_id_ctx and use its
LDAP connection.
However, the sdap search call that was searching for trusted domains in
the forest that the root domain knows about, was unconditionally using
the first sdap_domain structure in the list linked from the root_domain's
ad_id_ctx structure.
It should be noted that this search only happens in case the machine is
joined to one of the non-root domains in the forest and searches the root
domain explicitly.
In case sdap_domain structures linked from the ad_id_ctx representing
the root domain were ordered so that the first sdap_domain in the list
was representing a different domain than the one linked from the
ad_id_ctx, the sdap search would have used a wrong search base derived
from the unexpected sdap_domain which would result in a referral being
returned.
This patch explicitly looks up the sdap_domain structure that
corresponds to the root domain.
Resolves:
https://pagure.io/SSSD/sssd/issue/3594
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>