When you start your FTP/FTPs, SSH FTP, HTTP, or Cleo Portal (HTTPs) server for the first time, no Users exist and therefore no access is granted to your server. To initiate the creation of Users, first activate the Users template (see Activating a host from a template) and then add a new user mailbox.
User mailboxes can have actions, but unlike remote host/mailbox actions that perform remote host operations, User actions can only perform operations that manipulate files within the user's home directory.
Users can be native users, LDAP users, Connector Host-authenticated users, or SAML-authenticated users.
Users host configuration
Members of a Users group share the same privileges and policies; however, usernames must remain unique across all user groups.
Users: General Tab
- Home Directory
- Select the check box to activate the Home Directory field, all of the user folders and the archive directories specified on this tab, and the FTP and SSH FTP protocols (see Users: Privileges Tab). Clear the check box to deactivate them. The check box is selected by default.
- User Folders
- The paths and names of folders for users of this group. These folders are automatically created under each user's home directory. You can use relative paths and configure virtual subfolders. See Virtual subfolders.
- Archive Directories
- The location where you can save a copy of the sent and received files.
Users: Privileges Tab
The following describes the Privileges tab.
- Protocols
- Specify which protocols are enabled for this user group.
- Access
- Specify the type of access enabled for this user group.
- View Transfers
- Select this check box to allow Cleo Portal users belonging to this group to view the Transfers tab.
- Cleo Unify
- Select this check box to allow users belonging to this group to share folders and files with Cleo Unify.
- Invitations
- Use this section to configure users in this group to invite other users.
- Invite unregistered users
- Select the check box to allow the users in this group to invite other users into the system and enable the Assign invited users to field.
Users: Policy Tab
The following describes the Policy tab.
- Password Policy
- The Password Policy defines the requirements and restrictions for passwords for local users. By default, the Password Policy used by all mailbox users is globally defined using the Enforce Password Policy option on the Other system options. tab. See
- Security Policy
- The Security Policy restricts incoming messages based on certain attributes.
Users: Advanced Tab
This section provides information about properties specific to Users. See Setting advanced host properties for information about how to use and set the properties supported in all protocols.
- Active Mode Source Data Port (FTP)
- Specifies the FTP server source data port for Active Mode FTP when set to a value > 0. Default value is 0 where the data port is unspecified. Some FTP clients may require a specific port number (for example, 20) be used for the server data port.
- Automatically Delete Retrieved Outbox Files (FTP)
- When this option is selected, delete (remove) each file retrieved from the User Download Folder when the next FTP command is received from the client for a given FTP session. Files will only be deleted from the User Download Folder after retrieval from the defined User Download Folder or its subfolders. The delete confirmation response will be contained in a multi-line response (for example, 150-Retrieve of 'test.edi' confirmed… ) for the next appropriate client command.
- Client Type (HTTP)
- Indicates a specific HTTP client that requires special processing of the inbound message. The default value is no specified client type. Choose from Oracle Transport Agent or cXML.
- Email On Check Conditions Met
- Send an email notification after running a CHECK command where the overall conditions of the check are met. See Configuring email or execute based on results.
Note: This is a Cleo Harmony and Cleo VLTrader option.
- Email On Check Conditions Not Met
- Send an email notification after running a CHECK command where the overall conditions of the check are not met. See Configuring email or execute based on results.
Note: This is a Cleo Harmony and Cleo VLTrader option.
- Email On Fail
- If an error occurs during a command, email the error condition. See Email/Execute Based on Results.
- Email On Flag
- If a flagged event occurs, email the event. See Configuring email or execute based on results.
- Email On Repetitive Action Failures
- When "Email On Fail" is enabled and the same failure occurs each time an action is run for a specific host, leaving this option unchecked suppresses emailing of the same alert multiple times. If the same email alert continues to be suppressed after 24 hours, the suppressed email alert will be sent every 24 hours and after every system restart if the failure occurs again. When the failure is resolved an email alert will be sent.
Note: This feature only suppresses multiple emails if the same failure occurs multiple times in a row. Suppression is not maintained across synchronized hosts.
- Email On Repetitive Listener Failures
- When "Email On Fail" is enabled and the same failure occurs each time an inbound message is processed by the Listener for a specific host, leaving this option unchecked suppresses emailing of the same alert multiple times. If the same email alert continues to be suppressed after 24 hours, the suppressed email alert will be sent every 24 hours and after every system restart if the failure occurs again. If the failure can be associated with a specific host, an email alert will be sent when the failure is resolved. Failure resolution email alerts will not be sent for general Listener failures since it is not possible to determine that these types of failures have been resolved.
Note: This feature only suppresses multiple emails if the same failure occurs multiple times in a row. Suppression is not maintained across synchronized hosts.
- Email On Successful Copy
- Send an email notification after copying a file using LCOPY. See Configuring email or execute based on results.
- Email On Successful Receive
- Send an email notification after successfully receiving a file. See Configuring email or execute based on results.
- Email On Successful Send
- Send an email notification after successfully sending a file. See Configuring email or execute based on results.
- Execute On Check Conditions Met
- After executing a CHECK command where the overall conditions are met, run a system command. See Configuring email or execute based on results.
Note: This is a Cleo Harmony and Cleo VLTrader option.Note: Note that if multiple files contribute to the conditions being met, and one of the file macros is in the command (e.g., %file%), the system command will be executed repeatedly - once for each file.
- Execute On Check Conditions Not Met
- After executing a CHECK command where the overall conditions are not met, run a system command. See Configuring email or execute based on results.
Note: This is a Cleo Harmony and Cleo VLTrader option.
- Execute On Fail
- If an error occurs during a command, run a system command. See Configuring email or execute based on results.
- Execute On Repetitive Action Failures
-
When Execute On Fail is enabled and the same failure occurs each time an action is run for a specific host, leaving this option unchecked suppresses multiple executions of the Execute On Fail command. If suppression of execution of the command for this failure continues after 24 hours, the suppressed Execute On Fail command will be executed every 24 hours and after a system restart if the failure occurs again. When the failure is resolved, the Execute On Fail command will be executed again. Users must account for this by including the %status% macro variable for the Execute On Fail command (see Using macro variables) and then checking for a success or failure.
Note: This feature only suppresses multiple executions of the Execute On Fail command if the same failure occurs multiple times in a row. Suppression is not maintained across synchronized hosts. - Execute On Repetitive Listener Failures
-
When Execute On Fail is enabled and the same failure occurs each time an inbound message is processed by the Listener for a specific host, leaving this option unchecked suppresses multiple executions of the Execute On Fail command. If suppression of execution of the command for this failure continues after 24 hours, the suppressed Execute On Fail command will be executed every 24 hours and after every system restart if the failure occurs again. If the failure can be associated with a specific host, the Execute On Fail command will be executed again when the failure is resolved. Users must account for this by including the %status% macro variable for the Execute On Fail command (see Using macro variables) and then checking for a success or failure. Executions of the "Execute On Fail" command for resolution of general Listener failures will not be done since it is not possible to determine that these types of failures have been resolved.
Note: This feature only suppresses multiple executions of the Execute On Fail command if the same failure occurs multiple times in a row. Suppression is not maintained across synchronized hosts. - Execute On Successful Copy
- After successfully copying a file using LCOPY, run a system command. This command may be used for post-processing the file. See Configuring email or execute based on results.
- Execute On Successful Receive
- After successfully receiving a file, run a system command. This command may be used for post-processing the file. SeeConfiguring email or execute based on results.
- Execute On Successful Send
- After successfully sending a file, run a system command. This command may be used for post-processing the file. See Configuring email or execute based on results.
- Fixed Record EOL Characters
- End-of-line characters to be inserted and/or deleted.
- Fixed Record Incoming Delete EOL
- If Fixed Record EOL Characters has been specified and Fixed Record Length is greater than 0, indicates to look for and delete EOL characters while receiving a file.
Note: When using FTP ASCII mode, standard EOL characters may already be changing if transferring between Windows and Unix platforms.
- Fixed Record Incoming Insert EOL
- If Fixed Record EOL Characters has been specified and Fixed Record Length is greater than 0, indicates to insert EOL characters while receiving a file.
Fixed Record Incoming Delete EOL and Fixed Record Incoming Insert EOL are mutually exclusive properties.
- Fixed Record Length
- The fixed record length after which end-of-line characters need to be inserted and/or deleted.
- Fixed Record Outgoing Insert EOL
- If Fixed Record EOL Characters has been specified and Fixed Record Length is greater than 0, indicates to insert EOL characters while sending a file.
Note: When using FTP ASCII mode, standard EOL characters may already be changing if transferring between Windows and Unix platforms.
- FTP Session Timeout
- Specifies the maximum time (in minutes) that a user can be logged in to an FTP/SSHFTP session before being logged out of the system.
-
Default value:
-1
Indicates the user will not be logged out. - High Priority
- Indicates whether incoming and/or outgoing transfers through the host should be treated as high priority. When both high priority and regular priority transfers are active, the high priority transfers get a larger portion of the available bandwidth. Go to
High Priority Transfers Percentage Available Bandwidth
(defaults to 75). See Other system options for more information.
to set the
- Ignore Exception Without Quit (FTP)
- When this option is selected, FTP disconnect exceptions related to the client closing the connection abruptly without issuing a QUIT command will be suppressed.
- Include Failure In Subject Of Email
- When specified, the exception message will be included in the email that is generated on failure.
Note: If the exception message exceeds 256 characters, it will be truncated.
- Interim File Extension (FTP, SSH FTP)
- When applicable, specifies the temporary filename extension that a trading partner's FTP or SSH FTP client software uses while transferring a file. For the transfer logging feature, the VersaLex application sets the transfer status to Interim Success rather than Success when a transfer with a temporary filename extension is finished. Then, when the trading partner client software renames the file to strip off the temporary filename extension, the application inserts an additional Success entry into the transfer log with the resulting filename to mark the transfer as complete. The dot preceding the extension can be included in the configured value, but it is not required. If multiple temporary filename extensions are used, they can be separated by commas or semicolons.
- LCOPY Archive
- If specified, contains the directory for archiving LCOPY source files.
- Log Individual LCOPY Results To Transfer Logging
- When this option is enabled, a
<send>
and<receive>
result is logged to the transfer log for each file copied.Note: This is a Cleo Harmony and Cleo VLTrader option. - Macro Date Format
- Specifies the date format to be used when the
%date%
macro is used. - Macro Time Format
- Specifies the time format to be used when the
%time%
macro is used. - Maximum Concurrent FTP Logins (FTP, SSH FTP)
- The total number of logins allowed at any one time per user on FTP or SSH FTP (separately). With the default value of 0, the number of concurrent connections per user will be limited by the Maximum Concurrent FTP Logins Per User setting in the Local Listener. A value other than zero will override the Local Listener Maximum Concurrent FTP Logins Per User setting.
- Maximum Incoming Transfer Rate (kbytes/s)
- Sets the maximum incoming transfer rate in Kbytes (1024 bytes) per second for each mailbox or host. The default value of
0
does not limit the transfer rate. The Maximum Incoming Transfer Rate system setting might also limit the transfer rates. The system Maximum Incoming Transfer Rate value is used unless this setting is more restrictive. For simultaneous transfers, the number of active transfers also affects individual transfer rates. See Advanced system options. - Maximum Outgoing Transfer Rate (kbytes/s)
- Sets the maximum outgoing transfer rate in Kbytes (1024 bytes) per second for each mailbox or host. The default value of
0
does not limit the transfer rate. The system setting might also limit the transfer rates. The system Maximum Outgoing Transfer Rate value is used unless this setting is more restrictive. For simultaneous transfers, the number of active transfers will also affect individual transfer rates. See Advanced system options for more information about Maximum Outgoing Transfer Rate. - Outbox Sort
- Controls the order in which multiple files are transferred for a PUT command. If
System Default
is specified, the value set on the tab takes precedence. ForAlphabetical
ordering, the file extensions are not used to determine the sorted order unless they are needed to make the filenames unique. - PGP Encryption Algorithm
- Encryption method used when OpenPGP packaging (with encryption) is requested through the Mailbox Packaging tab. See Configuring mailbox packaging. If
System Default
is specified, the value set on the tab takes precedence. - PGP Hash Algorithm
- Signing method used when OpenPGP packaging (with signing) is requested through the Configuring mailbox packaging. If
System Default
is specified, the value set on the tab takes precedence. - PGP Integrity Check
- When OpenPGP encrypting (see Configuring mailbox packaging), include an integrity check on encrypted data. Can be disabled for compatibility with certain OpenPGP implementation.
- PGP Signature Verification
- Indicates whether or not signed inbound PGP messages should verified when inbound OpenPGP packaging is requested through the Mailbox Packaging tab. See Configuring mailbox packaging. In general, this property should be enabled.
- PGP V3 Signature
- Prefix SSH FTP Home Directory Path
- Adds /home/<username> to the path displayed to the user.
- Request and Response Events
- Trigger At Upload Completion (FTP)
- Select this property to indicate a trigger should be created when a file upload is completed successfully. This property applies only to files transferred using FTP. The trigger is created when the next command is received after the file upload.
- Unzip Use Path
- Indicates whether or not zip entry paths should be used for LCOPY -UNZIP operations. When enabled, the entry's path is added to the destination path, unless the entry contains an absolute path. In this case, the absolute path is used in place of the destination path.
- Use External IP Address In PASV Response (FTP)
- Indicates, for passive (pasv) mode, that the external address (rather than the local IP address) should be included in data port response to the FTP client.
- XML Encryption Algorithm
- The method used to encrypt/decrypt files when XML Encryption packaging is requested through the Mailbox Packaging tab. See Configuring mailbox packaging . If
System Default
is specified, the value set on the tab takes precedence. - Zip Comment
- Specifies the comment to be added to the zip archive file in LCOPY -ZIP operations.
- Zip Compression Level
- Controls the level of compression for LCOPY -ZIP operations. If
System Default
is specified, the value set on the takes precedence - Zip Subdirectories Into Individual Zip Files
- Indicates whether or not subdirectories should be bundled for LCOPY –ZIP –REC operations. When enabled, each first-level subdirectory (and all of its descendents) will be bundled together into an individual zip file. The name of this zip file may optionally reflect the subdirectory name if an asterisk (
*
) is placed in the destination path. Any files that are directly off the source root directory will not be copied.
Virtual subfolders
You can configure virtual subfolders as part of the User Download Folder, User Upload Folder and Other Folders.
Syntax
Use this syntax to specify virtual subfolders:
virtualFolderName=actualFolder(permissions)
- virtualFolderName
- The name displayed to the user.
- actualFolder
- An absolute path, a relative path, a UNC path, or a connector URI path (with optional connector parameters) to the actual folder.
- permissions
- Optional.
Examples
- URI using system scheme name for a File connector
-
localserverfilesA=myfiles:
- URI using a system scheme name for a SMB connector and a subdirectory:
-
remoteserverfilesABC=mysmb:/sub1/sub2
- URI using an SMB connector overriding the Share Path based on the username:
-
MyHome=Smb:SmbHost?smb.SharePath=//filsvr01/users/home/%username%
- URI using a S3 connector:
-
s3bucket=S3:S3-Prod
- Using absolute path (local Linux VersaLex server):
-
archivedata=/opt/datadir/archive/companyx/
- Using relative path (relative from VersaLex installation directory):
-
recs=home/install_records/
- Using UNC path:
-
fileserver=\\fileserver01\public\data\
- User Download Folder:
-
fromClar=clarify:Clarify202/Clarify-AS2-Outbound/fromclarify(LIST,READ)
- User Upload Folder:
-
toClar=clarify:Clarify202/Clarify-AS2-Outbound/toclarify(WRITE)
- Other Folders:
-
MyHDFS=hdfs:HDFSTest(LIST,READ,WRITE)
Home connector
Use the home connector to copy files to and delete files from a user folder.
Syntax
Use this syntax to specify a user's home directory.
home:username/path
- username
- The login username.
- path
- A path relative to the user's home folder. This value can be an actual path or a virtual folder path.
Examples
- Copying files into a user subfolder
-
LCOPY *.edi home:/user1/S3Share
- Deleting files form a user subfolder
-
LDELETE home:/user1/S3Share/text.*
Users mailbox configuration
A user mailbox's settings establish the identity of a user or an LDAP subgroup.
Users Mailbox: Login Tab
- Status
- The Status field provides the current account status. Generally, this display is read-only. If, however, the account is locked due to multiple invalid login attempts (see Configuring password policies for detailed information about Password Policy options), the Unlock button appears.
- Authentication
- Select the type of authentication you want to configure for this mailbox. This section displays different fields depending on the type of authentication you choose.
- Default User
- Select this option to use default authentication.
- User ID
- This value comes from the User field at the top of the Mailbox window. In the User field, enter an alias not already in use.
- Password
- The user's password.
- SSH Key(s)
- This field is applicable to SSH FTP only, and it is optional. If specified, this user, if logging in through SSH FTP, must use his user ID and one of the SSH key(s) to authenticate
- Allow password or SSH Key authentication
- Select this check box to allow password or public key to be used for authentication in User hosts for SSHFTP.
- Require both
- Select this check box to require both a password and public key be used for authentication in User hosts for SSHFTP.
- Email address
- When the user requests a password reset, a personal URL (PURL) is sent in an email to this address. The user can click this PURL to begin the process of resetting their password. This email address must be unique across the system.
Note: If you select the LDAP check box, this field is not available. In order for this user to receive password reset email, the LDAP email attribute must be set in the LDAP User Configuration screen. See User configuration reference.
- System LDAP
- Select this option to use LDAP authentication.
- Override System Options
- Select this option and then specify a Base DN in order to match the intended set of users for this mailbox. Or the Extend Search Filter can be used to append rules to the default system search filter. See LDAP server.
- Override System Setting
- Select this option to disable the Extend Search Filter field and then specify a Search Filter.
- Extend Search Filter
- Specify a value used to append rules to the default system search filter. This field is disabled if you select the Override System Setting check box.
- List
- Displays a list of users and their attributes matching the values you specified in the Base DN and Search Filter filters.
- Connector Host
- Select this option to use the authenticator API in the connector host, allowing Cleo Portal, FTP, and SFTP users to be provisioned and authenticated through an interface with another system, for example a CRM application.
- Authenticator
- Enter the URI of the connector host you want to use for authentication. Specify the URI as scheme:alias.
- SAML User
- Select this option to allow authentication via SAML.
- Email Address
- Enter the email address that identifies the user of this mailbox in SAML.
- Home Directory
- Select an option from the drop-down list.
- Default Home - Use the value specified in the Home Directory field for the user group. See Users: General Tab.
- Custom Home - Specify a home directory. You can browse your system and select a home directory or enter a directory path manually. Alternatively, you can select a custom macro variable from the drop-down menu. See Using macro variables for a list of the applicable macros (Default Root Directory context).
- LDAP Home - Use the value specified for the LDAP group specified. Available only if LDAP is selected.
- Add Folders
- Click Add Folders to display the Local User Subdirectories dialog box. This dialog box displays host-level settings (read-only) for the current folder configuration and allows you to specify additional real or virtual subfolders at the mailbox level in the field. You can add multiple paths (one path per line) in the Other Folders field. All paths must be relative or use virtual subfolders and cannot include reserved macro variables (for example, %mailbox%). You can, however, use%username% in a virtual subfolder link.
Users Mailbox: Activity Tab
Note: For LDAP or Connector Host authentication users, Activity Dates represent the most recent date from any user defined in the mailbox.
The Activity tab displays a table of information about login and transfer activities for the Mailbox. Each row in the table contains the following columns.
- Activity
- Displays the type of activity, for example, FTP Login or FTP Transfer.
- Date
- Displays the date of the most recent activity.
Other possible values:
- No Activity
- Indicates the user was created after the Activity tab functionality was introduced and there is no activity to report for this user.
- Unknown
- Indicates the user existed before the Activity tab functionality was introduced and there is no activity to report.
- Days
- Displays the number of days since the last activity.
Users Mailbox: IP Filter
The IP addresses you specify here are the only addresses that will be allowed to log into the user mailbox.Users Mailbox: Packaging Tab
See Configuring mailbox packaging for information regarding payload file packaging.
User Action
An action captures a repeatable local procedure relative to the user mailbox.
- Right-click the mailbox under the host in the active tree pane.
- Select New Action to create a new action. Then, if desired, type a new alias in the content pane panel and click Apply.
Users Action: Action Tab
Use the Action tab to configure commands within an action.
See Composing an action. Also see Local command reference.
Users Command Reference
See FTP Command Reference, HTTP Command Reference, and SSH FTP Command Reference for information about the server commands available to the users of this user group.
Comments
0 comments
Please sign in to leave a comment.