Bug 1053106

Upstream ticket:
https://fedorahosted.org/sssd/ticket/2196

Pushed upstream.

    master:
        c373732505c9a73a9a8b17533dafc618c95ea331
        d57529a867940e83ed27f8c2326bde7f07db7b9a 
    sssd-1-11:
        156bbc97b3ebb8df42b658b8ab04c00f0d312eec
        654fa152629cf93d6681d138eb806247fca4d9ae

Tested the override setting in the domain section with sssd-1.11.2-27.el7 and looks like its fixed.
[domain/sssdad.com]
default_shell = /bin/bash
override_homedir = /home/%d/%u

administrator:*:498200500:498200513:Administrator:/home/sssdad.com/administrator:/bin/bash
administrator.com:*:1184400500:1184400500:Administrator:/home/child1.sssdad.com/administrator:/bin/bash
administrator:*:525400500:525400500:Administrator:/home/sssdad_tree.com/administrator:/bin/bash

override_homedir = /home/%f

administrator:*:498200500:498200513:Administrator:/home/administrator:/bin/bash
administrator.com:*:1184400500:1184400500:Administrator:/home/administrator.com:/bin/bash
administrator:*:525400500:525400500:Administrator:/home/administrator:/bin/bash

I did see one small odd item.  After removing the override and just leaving fallback_homedir in the [nss] section this showed up

This one looks ok.
[nss]
fallback_homedir = /home/%d/%u

administrator:*:498200500:498200513:Administrator:/home/sssdad.com/administrator:/bin/bash
administrator.com:*:1184400500:1184400500:Administrator:/home/child1.sssdad.com/administrator:/bin/bash
administrator:*:525400500:525400500:Administrator:/home/sssdad_tree.com/administrator:/bin/bash

But this setting seems to not quite follow the expected behavior. The subdomains still do have the /home/%d/%u format even though fallback_homedir = /home/%f is in use.

administrator:*:498200500:498200513:Administrator:/home/administrator:/bin/bash
administrator.com:*:1184400500:1184400500:Administrator:/home/child1.sssdad.com/administrator:/bin/bash
administrator:*:525400500:525400500:Administrator:/home/sssdad_tree.com/administrator:/bin/bash

If fallback_homedir is used in the domain section the same thing happens as the nss section. I could be misunderstanding the man pages, but it does not read like the fallback_homedir options is to be used in the domain section. If it is invalid this last part may not be an issue but ill need to make sure realmd is not writing in sssd.conf by default.

Jeremy, I think you stumbled upon the same mistake we realized on the devel list..currently the default for subdomain_homedir is always set even if the option is omitted from the config file.

What we agreed on is to only make the subdomain_homedir work in the case of IPA trusts and adjust documentation accordingly. Changing the subdomain_homedir default is not an option as the configurations that might rely on existing default  are already out there..

We'll prepare a new fix.

Verified in version 1.11.2-29.el7

Output from beaker automation run:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ad_forest_05: bz 1053106 subdomain do not inherit fallbacks and overrides settings
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

/home/sssdad.com/user1_dom1
:: [   PASS   ] :: Running 'getent passwd user1_dom1 | awk -F: '{print $6}' | grep '/home/sssdad.com/user1_dom1'' (Expected 0, got 0)
/home/sssdad_tree.com/user1_dom2
:: [   PASS   ] :: Running 'getent passwd user1_dom2 | awk -F: '{print $6}' | grep '/home/sssdad_tree.com/user1_dom2'' (Expected 0, got 0)
/home/child1.sssdad.com/user1_dom3
:: [   PASS   ] :: Running 'getent passwd user1_dom3.com | awk -F: '{print $6}' | grep '/home/child1.sssdad.com/user1_dom3'' (Expected 0, got 0)

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.