9ac0712 AD: Use the right sdap_domain for the forest root

1 file. Authored by jhrozek 6 years ago, committed by lslebodn 6 years ago.
    AD: Use the right sdap_domain for the forest root
    
    Each ad_id_ctx structure which represents a trusted AD domain contains a
    list of sdap_domain structures representing all the other domains. This
    is used to e.g. be able to reach another domain's ad_id_ctx and use its
    LDAP connection.
    
    However, the sdap search call that was searching for trusted domains in
    the forest that the root domain knows about, was unconditionally using
    the first sdap_domain structure in the list linked from the root_domain's
    ad_id_ctx structure.
    
    It should be noted that this search only happens in case the machine is
    joined to one of the non-root domains in the forest and searches the root
    domain explicitly.
    
    In case sdap_domain structures linked from the ad_id_ctx representing
    the root domain were ordered so that the first sdap_domain in the list
    was representing a different domain than the one linked from the
    ad_id_ctx, the sdap search would have used a wrong search base derived
    from the unexpected sdap_domain which would result in a referral being
    returned.
    
    This patch explicitly looks up the sdap_domain structure that
    corresponds to the root domain.
    
    Resolves:
    https://pagure.io/SSSD/sssd/issue/3594
    
    Reviewed-by: Sumit Bose <sbose@redhat.com>
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
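
The bug described in the commit message above, as a simplified C model added here for illustration; it is not code from SSSD. The `model_*` structs, their fields, and the domain names and search bases are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Simplified stand-ins; the fields are assumptions, not SSSD's definitions. */
struct model_sdap_domain {
    const char *dom_name;            /* domain this entry represents */
    const char *search_base;         /* LDAP search base for that domain */
    struct model_sdap_domain *next;
};

struct model_ad_id_ctx {
    const char *dom_name;                 /* domain this context belongs to */
    struct model_sdap_domain *sdom_list;  /* entries for all domains, in any order */
};

/* Constructed sample: the root domain's context, with a child domain's entry first. */
static struct model_sdap_domain root_entry = { "root.example", "DC=root,DC=example", NULL };
static struct model_sdap_domain child_entry = { "child.root.example", "DC=child,DC=root,DC=example", &root_entry };
static struct model_ad_id_ctx root_ctx = { "root.example", &child_entry };

/* Behaviour before the fix: unconditionally take the first entry in the list. */
const char *base_from_list_head(const struct model_ad_id_ctx *ctx)
{
    return ctx->sdom_list ? ctx->sdom_list->search_base : NULL;
}

/* Behaviour after the fix: look up the entry that matches the context's own domain. */
const char *base_for_own_domain(const struct model_ad_id_ctx *ctx)
{
    for (const struct model_sdap_domain *d = ctx->sdom_list; d != NULL; d = d->next) {
        if (strcasecmp(d->dom_name, ctx->dom_name) == 0) {
            return d->search_base;
        }
    }
    return NULL; /* no matching entry: the caller should fail rather than guess */
}

int main(void)
{
    printf("list head:  %s\n", base_from_list_head(&root_ctx));
    printf("own domain: %s\n", base_for_own_domain(&root_ctx));
    return 0;
}
```

With the child entry first, the list-head version returns the child domain's search base for a query sent to the root domain, which is the condition the commit message says produces a referral.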