Unfortunately, I can't find any hints as to what "0.0.0.0%0.0.0.0" means. Can anyone explain that?
It's documented in the slapd.access(5) man page, in the section about "peername".
Thanks for the reply, Quanah. Unfortunately, I still don't get it. From the section in the man page I removed the parts about domains, sockets and IPv6 to make it easier to read, which leaves me with this:
The statement peername=<peername> means that the contacting host IP (in the form IP=<ip>:<port> for IPv4) for peername is compared against pattern to determine access. The same style rules for pattern match described for the group case apply, plus the regex style, which implies submatch expand and regex match of the corresponding connection parameters. The exact style of the <peername> clause (the default) implies a case-exact match on the client's IP, including the IP= prefix and the trailing :<port>. The special ip style interprets the pattern as <peername>=<ip>[%<mask>][{<n>}], where <ip> and <mask> are dotted digit representations of the IP and the mask, while <n>, delimited by curly brackets, is an optional port. When checking access privileges, the IP portion of the peername is extracted, eliminating the IP= prefix and the :<port> part, and it is compared against the <ip> portion of the pattern after masking with <mask>: ((peername & <mask>) == <ip>). As an example, peername.ip=127.0.0.1 allows connections only from localhost, peername.ip=192.168.1.0%255.255.255.0 allows connections from any IP in the 192.168.1 class C domain, and peername.ip=192.168.1.16%255.255.255.240{9009} allows connections from any IP in the 192.168.1.[16-31] range of the same domain, only if port 9009 is used. The expand style is allowed, implying an exact match with submatch expansion; the use of expand as a style modifier is considered more appropriate.
From this edited man-page excerpt I can easily determine that peername.ip=10.10.0.0%255.255.0.0 would allow access for any hosts in the 10.10.0.0/16 IP range. The subnet mask part in my case is also clear. However, I still don't know what exact meaning the IP part 0.0.0.0 has.
Anyone willing to elaborate? Am I correct in assuming peername.ip=0.0.0.0%0.0.0.0 allows access to any IP?
Best regards and have a nice weekend, Cyril
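
The masking rule from the man-page excerpt quoted above, `((peername & <mask>) == <ip>)`, worked through as an added example; it is not part of the thread and not OpenLDAP's code. The function name and the sample peernames are constructed, and two behaviours are assumptions: an omitted `%<mask>` is treated as 255.255.255.255, and `{<n>}` is compared with the port in the peername string.

```python
import ipaddress
import re

# Pattern grammar from the quoted man page: <ip>[%<mask>][{<n>}]
_PATTERN = re.compile(
    r"^(?P<ip>[\d.]+)(?:%(?P<mask>[\d.]+))?(?:\{(?P<port>\d+)\})?$"
)
# Peername form from the quoted man page: IP=<ip>:<port> (IPv4 only here)
_PEERNAME = re.compile(r"^IP=(?P<ip>[\d.]+):(?P<port>\d+)$")


def peername_ip_matches(pattern: str, peername: str) -> bool:
    """Evaluate an IPv4 peername.ip pattern against a peername string."""
    pat = _PATTERN.match(pattern)
    peer = _PEERNAME.match(peername)
    if pat is None or peer is None:
        raise ValueError("unsupported pattern or peername form")

    ip = int(ipaddress.IPv4Address(pat["ip"]))
    # Assumption: no %<mask> means a full host mask, consistent with the
    # man page's "peername.ip=127.0.0.1 ... only from localhost" example.
    mask = int(ipaddress.IPv4Address(pat["mask"] or "255.255.255.255"))
    peer_ip = int(ipaddress.IPv4Address(peer["ip"]))

    # Assumption: {<n>} is checked against the port in the peername.
    if pat["port"] is not None and int(pat["port"]) != int(peer["port"]):
        return False

    # The rule as quoted: ((peername & <mask>) == <ip>)
    return (peer_ip & mask) == ip


# Constructed peernames, not taken from any real log.
SAMPLE_PEERS = [
    "IP=127.0.0.1:38900",
    "IP=10.10.4.2:51234",
    "IP=192.168.1.20:9009",
    "IP=203.0.113.7:40000",
]


def matching_peers(pattern: str) -> list:
    """Return the sample peernames that a pattern would match."""
    return [p for p in SAMPLE_PEERS if peername_ip_matches(pattern, p)]


if __name__ == "__main__":
    # An all-zero mask clears every bit, so the left side is always 0.0.0.0.
    print(matching_peers("0.0.0.0%0.0.0.0"))
    print(matching_peers("10.10.0.0%255.255.0.0"))
```

Under the same rule, a pattern whose `<ip>` has bits set outside `<mask>`, such as 10.10.0.1%255.255.0.0, can never match, because the masked peer address always has those bits cleared.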