[SSSD] Design document - Do not always override home directory with subdomain_homedir value in server mode

Hello, please see design page for simple - RFE: Do not always override home directory with subdomain_homedir value in server mode. https://fedorahosted.org/sssd/wiki/DesignDocs/use_AD_homedir ************************************************************************** ************************************************************************** ************************************************************************** = Do not always override home directory with subdomain_homedir value in server mode = Related ticket(s): * https://fedorahosted.org/sssd/ticket/2583 === Problem statement === Prior to sssd 1.12, we didn't have the ability to read home directory values from AD in AD-IPA trust setups at all. Instead, we always used the `subdomain_homedir` value. We can read custom LDAP values now, but in order to stay backwards-compatible, we kept using the `subdomain_homedir` value. === Use cases === Users from AD with POSIX attributes want to use individually set value for home directory. === Overview of the solution === `subdomain_homedir` for SSSD in server mode should support '%o' template expansion (The original home directory retrieved from the identity provider). In case when `subdomain_homedir` would be expanded to an empty string ('subdomain_homedir=%o' and AD user without POSIX attributes) SSSD should not error out but `fallback_homedir` should be utilized instead. === Implementation details === * Extend set of attributes returned by `get_object_from_cache()` by SYSDB_HOMEDIR attribute. * Update `apply_subdomain_homedir()` * to parse AD home dirrctory from ldb_msg * do not call `store_homedir_of_user()` if value of expanded home directory is an empty string. * Extend interface of `get_subdomain_homedir_of_user()` to accept AD home directory as parameter. === Configuration changes === No configuration changes are proposed. === How To Test === 1. On SSSD in server mode * For AD user with posix attributes set home directory attribute * in sssd.conf set `subdomain_homedir` option to '%o' * delete cache and restart SSSD * call `getent passwd user` and check that home directory reflects value from AD * For AD user `without` posix attributes * in sssd.conf set `subdomain_homedir` option to %o and `fallback_homedir` to /home/%u * delete cache and restart SSSD * call `getent passwd user` and check that home directory reflects `fallback_homedir` 2. On SSSD acting as IPA client * Check that results are the same as on SSSD in server mode and that local `fallback_homedir` is ignored === Authors === preichl(a)redhat.com