On 17.01.25 at 10:52, Ondřej Kuzník wrote:
On Fri, Jan 17, 2025 at 10:42:22AM +0100, cyril@stoll.info wrote:
Unfortunately I can't find any hints as to what "0.0.0.0%0.0.0.0" means. Can anyone explain that?
It's documented in the slapd.access(5) man page, in the section about "peername".
Thanks for the reply, Quanah. Unfortunately I still don't get it. From the section in the man page I removed the parts about domains, sockets and IPv6 to make it easier to read, which leaves me with this:
From this edited man-page excerpt I can easily determine that peername.ip=10.10.0.0%255.255.0.0 would allow access for any hosts in the 10.10.0.0/16 IP-range. The subnet mask part in my case is also clear. However I still don't know what exact meaning the IP part 0.0.0.0 has.
Anyone willing to elaborate? Am I correct in assuming peername.ip=0.0.0.0%0.0.0.0 allows access to any IP?
Hi Cyril, presumably you have both IPv4 and IPv6 (or UNIX socket) clients and this attempts to differentiate between the classes/address families?
Hi,
Quote from slapd.access (Debian 12, slapd 2.5.13+dfsg-5):
The special ip style interprets the pattern as <peername>=<ip>[%<mask>][{<n>}], where <ip> and <mask> are dotted digit representations of the IP and the mask, while <n>, delimited by curly brackets, is an optional port. The same applies to IPv6 addresses when the special ipv6 style is used.
End quote.
0.0.0.0%0.0.0.0 is <ipv4>%<subnet mask>, equivalent to 0.0.0.0/0 (<ipv4>/<prefix length>), meaning every possible IPv4 address.
Regards,
Uwe
Regards,
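
The following is an added example, not part of the thread and not OpenLDAP code: a small Python model of the `<ip>[%<mask>][{<n>}]` form quoted above, useful for checking how wide a `peername.ip` clause is when reviewing ACLs. The function names are hypothetical, and two points are assumptions of the model: an omitted mask is treated as 255.255.255.255, and matching compares only the bits selected by the mask.

```python
import ipaddress
import re

# Pattern shape as quoted from slapd.access(5): <ip>[%<mask>][{<n>}]
_PATTERN = re.compile(
    r"^(?P<ip>[0-9.]+)(?:%(?P<mask>[0-9.]+))?(?:\{(?P<port>[0-9]+)\})?$"
)


def parse_peername_ip(pattern):
    """Split '<ip>[%<mask>][{<n>}]' into (ip, mask, port); ip and mask as ints."""
    m = _PATTERN.match(pattern)
    if m is None:
        raise ValueError(f"not an <ip>[%<mask>][{{<n>}}] pattern: {pattern!r}")
    ip = int(ipaddress.IPv4Address(m["ip"]))
    # Assumption of this model: no mask means "exactly this host".
    mask = int(ipaddress.IPv4Address(m["mask"] or "255.255.255.255"))
    port = int(m["port"]) if m["port"] else None
    return ip, mask, port


def peer_matches(pattern, peer_ip, peer_port=None):
    """Return True if the peer falls inside the pattern (masked comparison)."""
    ip, mask, port = parse_peername_ip(pattern)
    try:
        peer = int(ipaddress.IPv4Address(peer_ip))
    except ipaddress.AddressValueError:
        return False  # this model only handles the IPv4 "ip" style
    if port is not None and port != peer_port:
        return False
    # With mask 0.0.0.0 both sides become 0, so every IPv4 peer matches.
    return (peer & mask) == (ip & mask)


def covered_network(pattern):
    """CIDR form of the pattern; raises ValueError for a non-contiguous mask."""
    ip, mask, _ = parse_peername_ip(pattern)
    return ipaddress.IPv4Network((ip & mask, str(ipaddress.IPv4Address(mask))))


if __name__ == "__main__":
    # Constructed sample patterns; the first two are the ones from the thread.
    for pat in ("0.0.0.0%0.0.0.0", "10.10.0.0%255.255.0.0", "192.0.2.5{636}"):
        print(f"{pat:28} covers {covered_network(pat)}")
```
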