Disable socket-activated sssd services by default
Discussion and work related to FreeIPA and its packaging has led to the conclusion that it's probably better to not use socket-activated services for SSSD by default and simply provide them as an optional alternative.
This MR overrides dh_installsystemd to selectively enable sssd.service (as services normally would be) and not enable the socket/service pairs by default. Furthermore, the patch that modifies the shipped default configuration to use socket-activated services is removed.
Outstanding questions
There are some considerations about how to provide a good migration path for existing installations which we'll need to resolve and discuss before we can merge this and call it good.
Fresh installations
Should not be affected and would just receive an SSSD daemon configured to start the nss and pam services. No socket-activated services are enabled.
Upgrade (user has disabled socket-activated services)
Should receive a diff against the new config file, forcing the end user to think about what they've done and make an informed decision.
Upgrade (no customizations or using socket-activated services)
Will, as it stands right now, end up with a broken system. SSSD or the socket-activated services will fail to start since we install a configuration file that has SSSD starting the services but the socket/service pairs remain enabled.
Thoughts
I'm not sure if there is a way to check if the user has made a conscious choice about which socket-activated services to use or not use or if they're just running the defaults. Simply taking inventory of the enabled sockets and turning them into SSSD-started services doesn't seem like a good option, considering the user might want to keep using socket-activated services. On the other hand, just leaving the system as-is and pushing our new config would break things, so that's not a good option either.
Perhaps a postinst configuration step with debconf that asks the user what they'd prefer (SSSD-started vs socket-activated) would be an option? That way, everyone would be forced to make an informed decision and could choose to leave things as they are and sort it out themselves.