Am 17.01.25 um 10:52 schrieb Ondřej Kuzník:
> On Fri, Jan 17, 2025 at 10:42:22AM +0100, [email protected] wrote:
>>>> Unfortunately I can't find any hints what "0.0.0.0%0.0.0.0" means. Can
>>>> anyone explain that?
>>>
>>> It's documented in the slapd.access(5) man page, in the section about
>>> "peername".
>>
>> Thanks for the reply Quanah. Unfortunately I still don't get it. From
>> the section in the man page I removed the parts about domains, sockets
>> and IPv6 to make it easier to read which leaves me with this:
>>
>>> From this edited man-page excerpt I can easily determine that
>>> peername.ip=10.10.0.0%255.255.0.0 would allow access for any hosts in
>>> the 10.10.0.0/16 IP-range. The subnet mask part in my case is also
>>> clear. However I still don't know what exact meaning the IP part
>>> 0.0.0.0 has.
>>
>> Anyone willing to elaborate? Am I correct in assuming
>> peername.ip=0.0.0.0%0.0.0.0 allows access to any IP?
>
> Hi Cyril,
> presumably you have both IPv4 and IPv6 (or UNIX socket) clients and this
> attempts to differentiate between the classes/address families?
Hi,
Quote from slapd.access (Debian 12, slapd 2.5.13+dfsg-5):
The special ip style interprets the pattern as <peername>=<ip>[%<mask>][{<n>}],
where <ip> and
<mask> are dotted digit representations of the IP and the mask, while <n>,
delimited by curly
brackets, is an optional port. The same applies to IPv6 addresses when the
special ipv6 style is used.
End quote.
0.0.0.0%0.0.0.0 is <ipv4>%<subnet mask> equivalent to 0.0.0.0/0 <ipv4>/<prefix
length>. Meaning
every possible IPv4 address.
Regards,
Uwe
>
> Regards,
>
