From 2689bcbcaf4ea4b91c5b5f1c03af3dc676bb93a4 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Sep 21 2012 20:05:55 +0000
Subject: Ticket 474 - Root DN Access Control - days allowed not working correctly


Bug Description:  If you set more than one day in the rootdn-days-allowed config
                  attribute the plugin can reject all rootDN binds.

Fix Description:  Correct the order of the char strings in strstr().

https://fedorahosted.org/389/ticket/474

Reviewed by: richm(Thanks!)

---

diff --git a/ldap/servers/plugins/rootdn_access/rootdn_access.c b/ldap/servers/plugins/rootdn_access/rootdn_access.c
index 19e578c..bae2703 100644
--- a/ldap/servers/plugins/rootdn_access/rootdn_access.c
+++ b/ldap/servers/plugins/rootdn_access/rootdn_access.c
@@ -440,8 +440,9 @@ rootdn_check_access(Slapi_PBlock *pb){
         memmove(day, timestr, 3); // we only want the day
         today = strToLower(today);
 
-        if(!strstr(today, daysAllowed)){
-            slapi_log_error(SLAPI_LOG_PLUGIN, ROOTDN_PLUGIN_SUBSYSTEM, "rootdn_check_access: bind not allowed for today\n");
+        if(!strstr(daysAllowed, today)){
+            slapi_log_error(SLAPI_LOG_PLUGIN, ROOTDN_PLUGIN_SUBSYSTEM, "rootdn_check_access: bind not allowed for today(%s), "
+                "only allowed on days: %s\n", today, daysAllowed);
             return -1;
         }
     }