Sign in

Configuring local FTP users

  • Updated
Note: This feature is being deprecated. For protocols other than AS3, use a Users host. See Users Host for more information. For AS3, you can continue to use the FTP Users host and mailbox until further notice.
Note: This section applies to the Cleo VLTrader and Cleo Harmony applications only.

When you start your FTP server for the first time, no users are defined and therefore no access is granted to your server. 

  1. In the Templates pane, open the Other folder, and then clone and active the preconfigured Local FTP Users local host. See Activating a host from a template.
  2. Specify default directories for all Local FTP users. See Configuring local FTP user directories.
  3. Configure access for FTP users. See Configuring access for FTP host users.
  4. Add a new mailbox to create a new FTP server login.

    You can either clone the default myTradingPartner mailbox or create a new mailbox.

    Local FTP user mailboxes can have actions, but unlike remote host/mailbox actions that perform remote host operations, local FTP user actions can only perform local host operations that manipulate files within the user's home directory. See Action Tab.

    FTP Users can be either generic FTP users, AS3 users, or LDAP users. See Configuring FTP for Local FTP MailboxConfiguring AS3 for Local FTP Mailbox, and Configuring LDAP for Local FTP Mailbox, respectively.

You can create multiple Local FTP Users local hosts, which allows you to group users with the same host properties together. User names (for example, Local FTP user mailbox names) will remain unique across all Local FTP Users local hosts.

Configuring local FTP user directories

 

Use the General tab to specify default values for local FTP user directories.
  1. Specify a Default Root Directory. By default, each FTP user's home directory is a subfolder under the directory you specify here.  Click the ... button to browse and select a directory. Alternatively, select a custom macro variable from the drop-down menu.  See Using Macro Variables for a list of the applicable macros (Default Root Directory context).  Once the change is applied, FTP users that are already configured to use the default root are switched over to the new default root.
  2. Specify the paths and names of Local User Subdirectories. These directories are automatically created under each user's home directory.  Each directory path specified should be a relative path. 

    The configured inbox and outbox directories can be easily referenced in the mailbox <collect> and <release> actions by using the %inbox% and %outbox% macros, respectively. See Action Tab

    If the sentbox directory is configured, when the user retrieves a file from the configured outbox, the VersaLex application places a user-accessible copy of the file in the sentbox directory.  If the receivedbox directory is configured, when the user stores a file in the configured inbox (either directly or via RNFR/RNTO), the VersaLex application also places a user-accessible copy of the file in the receivedbox directory. 
    Note: Files of the same name are overwritten.
    The following are rules that apply to AS3/FTP mailboxes:
    • The default inbox\ and outbox\payload\ subdirectories are always used, regardless of the settings specified in the Host > General panel, because vendor AS3 send and receive "choreographies" are established and published for interoperability certification and cannot be altered.  
    • Remote AS3 users must place all inbound payload files and MDNs in the inbox\ subdirectory. Outbound payload files can only be received from the outbox\payload subdirectory; outbound MDNs can only be received from theoutbox\mdnsubdirectory.
    • Files placed in any other directory or subdirectory are not accessible by AS3 users and will not appear in any remote directory listings.
    • The sentbox and receivedbox subdirectories are not created or used in AS3/FTP mailboxes regardless of the settings specified in the Host > General panel due to the above security restrictions placed on all AS3 users.
    • In addition to the InboxOutboxSentbox and Receivedbox folders, additional folders can be specified in the Others field. Multiple paths can be added to Others separated by commas, semi-colons or carriage returns. Note that all paths must be relative and may not include reserved macro variables (for example, %mailbox%).
  3. The Archive Directories allow for a copy of the sent and received files to be saved in an additional location that, in most cases, is not accessible by the user.  Unlike the sentbox and receivedbox configured under the Local User Subdirectories, you can configure these directories to point to a network location by clicking the ... button; or you can select a custom macro variable from the drop-down list.  See Using macro variables for a list of the applicable macros (Default Local User Archive Directory context). See Specifying default host directories for information about setting up system-level directories and custom directory macro variables.
    If desired, the %mailbox% macro may be used as part of these directory definitions to filter files for non-LDAP users into separate subdirectories. Files written to these directories are retained with unique file names and will be archived if the Sent/Received Box Archive System Option has been enabled. See Specifying default host directories

Configuring access for FTP host users

Use the FTP tab to configure access for FTP host users. Specify values for the following fields:

Acceptable inbound file patterns
Specify patterns that files must match to be permitted inbound. Patterns can include wildcards and regular expressions. See Using wildcards and regular expressions. If you specify multiple file patterns, separate them with semi-colons (;) or commas (,). Alternatively, enter them on separate lines. 
The following are examples of valid patterns:
  • * – any file pattern
  • *.* – file must have an extension
  • *.edi;*.xml – only .edi and .xml extensions acceptable (case sensitive)
  • [(?i).*\.(edi|xml)] – only .edi and .xml extensions acceptable (case insensitive)
Users have read-only access
Restricts FTP users to read-only access of files and directory listings in their home directory. Users with read-only access may only retrieve files or directory listings from their home directory.
When you select this option, the Users can make/remove subdirectories check box is disabled and any previously selected setting is cleared.
This setting does not apply to AS3 users, since retrieving files may also require subsequent uploads of MDN receipts.
Users can make/remove subdirectories
Enables FTP users to make and remove subdirectories within their home directory
This check box is disabled when you select the Users have read-only access option.
Users must connect on a secure port
Limits users to SSL connections only. When selected, users will able to successfully authenticate only when an FTP/s connection is used.
IP filter required
When you select the IP filter required check box, all mailboxes under this host require whitelist IP addresses to be entered. If no whitelist IP addresses are entered for a mailbox, that mailbox is set to not ready. For the mailboxes that have whitelist IP addresses entered, the mailbox user can log in to the mailbox only from the IP addresses configured. If the IP filter required check box is cleared, whitelist IP addresses are not required and the mailbox user can log in from anywhere.
Password Policy
Defines the security requirements that will be enforced for all local users.  By default, the Password Policy used by all mailbox users is globally defined via the Enforce Password Policy option on the System Options > Other tab. See Other system options.
To specify a different set of security restrictions for all mailbox users defined for a particular local user host: select the Override System Level Settings option, select the Enforce Password Policy option (if not already selected), click Configure, make the changes and click Apply.  See Configuring password policies for further information on the Password Policy options.
To disable Password Policy enforcement for all mailbox users defined for a particular local user host: select the Override System Level Settings option, clear the Enforce Password Policy option and click Apply.

Configuring FTP for Local FTP Mailbox

FTP Users can be either generic FTP users, AS3 users, or LDAP users.

Username
The mailbox alias. This value is used by your trading partner to log in to your FTP server. Specify a value not already in use.
Password
The password for the mailbox. This value is used by your trading partner to log in to your FTP server.
User Home Directory
Defaults to a username subdirectory under the default root directory defined on the General tab (see Configuring local FTP user directories). To override this path for this user only, clear the Use Default Root\Username check box and click the ... button to change the home directory; or select a custom macro variable from the drop-down list.  See Using macro variables for a list of the applicable macros (Default Root Directory context). 
Subdirectories
Click Subdirectories to display the Local User Subdirectories dialog box. This dialog box displays host-level settings (read-only) for the current folder configuration and allows you to specify additional folders at the mailbox level in the Mailbox-level Settings > Others field. You can add multiple paths (one path per line) in the Others field. All paths must be relative and cannot include reserved macro variables (for example, %mailbox%).
Pipe Incoming Payload
Allows for this trading partner to send to your FTP server and redirect, or pipe, the incoming payload out through a different protocol. If the transfer out to the pipe mailbox fails, the transfer into the local mailbox also fails.
AS3 User
Select the AS3 User check box to designate the user as an AS3 user and enable the AS3 Mailbox: AS3 tab. See AS3 Mailbox.
LDAP Usergroup
Select the LDAP Usergroup check box to designate the mailbox as an LDAP user group mailbox and enable the Mailbox LDAPtab (see Configuring LDAP for Local FTP Mailbox. Many of the other fields on this tab are disabled when select the LDAP Usergroup check box.  An LDAP user group mailbox has the following features:
  • The mailbox no longer corresponds to a single user, but rather a group of users configured in an external directory server.
  • In addition to authenticating usernames and passwords through the external directory server, you can select the Use LDAP Home Directory check box to use the directory service to provide user home directory paths. If this option is not selected, and the Use Default Root\Username check box is selected, the Cleo HarmonyCleo VLTrader, or Cleo LexiCom application dynamically appends the username to the root directory by way of a %username% macro variable.
Unlock
This button is enabled when the user has too many failed log in attempts. Mouse over the Unlock button to display when the user will be unlocked automatically or you must unlock the user manually. Click Unlock and then click Apply to unlock the user.

Configuring AS3 for Local FTP Mailbox

The AS3 tab is enabled when you select the AS3 User check box on the FTP tab. The AS3 tab contains three tabs: Headers (see Local AS3 message headers reference), AS3 (see Local AS3 settings reference), and Certificates (see Local AS3 certificates reference).

Local AS3 message headers reference

The AS3 tab contains the configuration for the AS3 message headers.

AS3-From
The AS3 name that you will be using for this trading relationship.
AS3-To
Your trading partner’s AS3 name.
Subject
Text you want to include in the header of all messages sent to this trading partner.
Content-type
Select the value appropriate from the menu for the files you want to send to this trading partner.
Alternatively, leave this field blank and allow the application to detect the Content-Type first based on the file content and then the file extension. Detectable values include:
  • application/edifact
  • application/edi-x12
  • application/edi-tradacoms
  • application/xml (text/xml)
  • application/pdf
  • application/msword
  • application/x-msexcel
  • application/rtf
  • application/zip
  • image/bmp
  • image/gif
  • image/tiff
  • image/jpeg
  • text/plain
  • text/html
  • video/mpg

Local AS3 settings reference

The AS3 tab contains three sections: RequestMDN Receipt, and Inbound Message Security.

Request
Encrypted
Signed
These fields allow you to specify the combination of attributes (with respect to S/MIME format ) of the message you want to send to the remote AS3 client.
  • Unsigned/unencrypted (neither the Encrypted nor Signed check boxes are selected)
  • Signed (only the Signed check box is selected)
  • Encrypted (only the Encrypted check box is selected)
  • Signed / Encrypted (both the Signed and Encrypted check boxes are selected)
Receipt
Enables the MDN Receipt section, where you specify attributes related to a receipt for your message.
Encryption Algorithm
This field is enabled when you select the Encrypted check box. It allows you to choose an encryption algorithm for the message. The remote AS3 client must be able to decrypt the message using the algorithm you choose. For a non-VersaLexAS3 client, it is important to verify the algorithms it is capable of handling prior to sending an encrypted message. The default encryption algorithm is TripleDES.  See Cryptographic Services for more information on choosing an encryption algorithm.
Key Algorithm
When Encrypted is selected, the Key Algorithm field is enabled and allows you to choose the algorithm to encrypt the content encryption key with the public key of your trading partner’s encryption certificate. Your trading partner uses the private key of their encryption certificate to decrypt the content encryption key that is subsequently used to decrypt the content of the message.
Possible values:
  • RSA(default)
  • RSAES-OEAP
Signature Algorithm
When Signed is selected, the Signature Algorithm is used to encrypt the hash value of the signature with the private key of your signing certificate. Your trading partner uses the public key of your signing certificate to decrypt the hash value of the signature that authenticates you as the sender of the message. When RSA is selected, the selected Hash/MIC Algorithm is used to determine the appropriate signature algorithm, for example, rsaEncryptionsha256WithRSAEncryption,sha384WithRSAEncryption or sha512WithRSAEncryption. If RSASSA-PSS is selected, the combination of the private key of your signing certificate and the hash algorithm is used in conjunction with the RSASSA-PSS algorithm to secure the signature.
Possible values:
  • RSA (default)
  • RSASSA-PSS
Hash/MIC Algorithm
When Signed in the Request section is selected, the combination of the signature algorithm and the selected hash algorithm is used to secure the signature.
Note: If the RSASSA-PSS signature algorithm is used and the SHA-512 hash algorithm is selected, the strength of the signature algorithm of your signing certificate must be SHA256withRSA or better.
When the Signed option in the MDN Receipt section is selected, the selected Hash/MIC Algorithm is used to compute the independent Message Integrity Check (MIC) value that is returned in the MDN Receipt.
Possible values:
  • SHA-1 (default)
  • MD5 (cryptographically weak and should not be used unless no other Hash/MIC algorithm is available)
  • SHA-256
  • SHA-384
  • SHA-512
Compress Content
Select this check box to enable ZLIB compression for the message.
Use compression to conserve bandwidth and improve security when sending large files.
MDN Receipt
When the Receipt check box is selected in the Request section, the fields in an MDN Receipt is enabled for editing. Otherwise, these fields will be disabled.
Signed
When you select the Signed check box, a hash is computed over the content of the sent message using the algorithm you select from the Hash/MIC Algorithm menu.  The recipient returns the MDN with a digital signature and will compute an independent MIC value over the content of the message received (using the same MIC algorithm) and return this value as a Base64-encoded value in the human-readable portion of the MDN.  When the MDN is received, the MIC you selected is compared against the received MIC.  When the MIC values match, the sender is guaranteed that the message read by the recipient was identical to the message that came from the sender and not modified in any way.
Forward MDN to Email
Select this check box to forward a copy of the received MDN to recipient you specify in the Email Address field. 
Synchronous
Asynchronous
Because an AS3 client must connect to your FTP server to send and receive messages, MDNs for AS3 can only be returned Asynchronously as part of a new FTP session.  Depending on whether the user makes a clear or secure connection, MDNs will be returned either via FTP or FTPS. 
Email Address
If you selected the Forward MDN to Email check box, specify the address to which the email should be sent.
Inbound Message Security
Enforce Encryption
Force Signature
Force MDN Signature
Select any combination of Force EncryptionForce Signature and Force MDN Signature options to configure inbound message security for this Local FTP User Mailbox. If a message is received but does agree with these settings, an error is logged and the message is rejected. If a given setting is not selected (which is the default), the message will not be checked for conformance with that security setting.

Local AS3 certificates reference

The Certificates tab allows you to associate both a trading partner's signing and encryption certificate(s) with this mailbox, and also override your own Local Listener's signing and encryption certificates. 

Trading Partner's Certificates
Encryption Certificate
The certificate to be used for encrypting your trading partner’s messages. Specify a value explicitly or click Browse to navigate to the certificate that matches the one you received from your trading partner.
Signing Certificate
The certificate to be used for validating incoming messages from your trading partner. Specify a value explicitly or click Browse to navigate to the certificate that matches the one you received from your trading partner.
By default, the VersaLex application uses all the certificates in its certificate store to determine if the signature of the incoming data message is trusted.  To limit validation to a specified signing certificate (that is, the incoming data message is required to be signed with only that certificate), select the Signing Certificate check box and browse for the certificate to be used for validating message signatures
Use encryption certificate
If your trading partner is using the same certificate for signing and encryption (which is the general practice among most trading partners), select the Use encryption certificate check box to automatically populate the Signing Certificate field with the same certificate selected in the Encryption Certificate field
My Certificates
By default, the certificates you configured on the Certificates tab of the Local Listener panel are the certificates used to sign messages sent to your trading partner and decrypt messages received from your trading partner. See Configuring certificates for Local Listener.
Override Local Listener Certificates
Select this check box to enable fields where you can specify alternate certificates for signing and decrypting messages with this particular trading partner.  If you do override the default the certificates, remember to export and exchange these alternate certificates with your trading partner.

Configuring LDAP for Local FTP Mailbox

Use the LDAP tab to specify values to for this mailbox. The LDAP tab is enabled when you select the LDAP Usergroup check box on the FTP tab.

The values you specify on this tab supersede the values specified on the LDAP Settings or LDAP Server page.

Override System Settings
Select the Override System Settings check boxes to enable their related fields.
Base DN
The base organizational unit where the users are defined. Contact your directory administrator for the correct Base DN value.  (The Base DN value entered here can be overridden in a local user host LDAP mailbox.)
The examples the table below show sample base organizational units for the supported directory types. 
 
Directory Type Example Base DN
Active Directory OU=Employees,DC=company,DC=com
Apache Directory Services OU=Users,DC=example,DC=com
Lotus Domino O=SCNotes
Novell eDirectory O=Company Organization
DirX ou=Users,o=Company
Search filter
Optional. Used to limit the amount of information returned from the LDAP server when many users are defined. A more restrictive filter can be specified as a comma separated list. If necessary, contact your directory administrator to determine the appropriate attributes and values. You can override the value entered here in a local user host LDAP mailbox.
The following table contains example lists with sample attribute names and values.
 
Search Filter Description
department=EDI Limits the search to entries that have the attribute, department, with a value of EDI.
department=EDI,group=administrators Limits the search to entries that must match two attributes. The user must be in the EDI department and in theadministrators group.
department=EDI,telephoneNumber=800* Limits search to EDI department members with a telephone number starting with 800.
objectclass=person Limit the search to entries that are people if the Base DN contains other entries (for example, computers) and people.
!(userAccountControl:1.2.840.113556.1.4.803:=2) Excludes disabled accounts - in Active Directory, if an account is disabled, bit0x02 in the userAccountControlattribute value is on. 1.2.840.113556.1.4.803 is the rule object ID (ruleOID) for the LDAP bitwise AND operator.
If the value to search in has any of the following special characters, they must be substituted in the Search Filter with the corresponding escape sequence.
 
ASCII character Escape Sequence Substitute
* \2a
( \28
) \29
, \2c
\ \5c
NUL \00
/ \2f
Extend Search Filter
Used to append rules to the default search system filter. This field is enabled regardless of the status of the Override System Options check boxes.
List
Used to display a list of users and their attributes matching the Base DN and Search Filter.

Local FTP users mailbox advanced properties

Use the Advanced tab to set advanced properties for the Mailbox.

Active Mode Source Data Port
Specifies the FTP server source data port for Active Mode FTP when set to a value > 0. Default value is 0 where the data port is unspecified. Some FTP clients may require a specific port number (for example, 20) be used for the server data port.
Allow Duplicate Incoming AS3 Message IDs
Ignores messages with duplicate message IDs and allows reprocessing of the message.
Automatically Delete Retrieved Outbox Files
When this option is selected, delete (remove) each file retrieved from the user’s Outbox when the next FTP command is received from the client for a given FTP session. Files will only be deleted from the outbox (see Configuring local FTP user directories Tab) after retrieval from the defined Outbox directory or its subdirectories. The delete confirmation response will be contained in a multi-line response (for example, 150-Retrieve of 'test.edi' confirmed… ) for the next appropriate client command.
Possible valuesSelected or Unselected.
Base64 Encode AS3 Content
Base64 is the encoding format used by Multi-purpose Internet Mail Extension (MIME) for transmitting non-text material over text-only communications channels. Base64 is based on a 65-character subset of US-ASCII, enabling 6 bits to be represented per printable character
Canonicalize Inbound AS3 Signed Content
When this option is selected, a canonicalizer is used to ensure that ‘\r’ and ‘\n’ characters always occur together as ‘\r\n’.  This option may be used when the inbound signature hash verification fails and the trading partner is using OpenSSL to sign its messages.
Compression-Signing Order
When both signing and compression are enabled, this indicates which is applied first.
Email On Check Conditions Met
Send an email notification after running a CHECK command where the overall conditions of the check are met.  See Configuring email or execute based on results.
Note: This is a Cleo Harmony and Cleo VLTrader option.
Possible values: Email addresses separated by commas (,), semicolons (;), or colons ( : ).  The first address should be an internal email address.
Default value:The value specified for this property on the Options > Advanced panel (if set).
Email On Check Conditions Not Met
Send an email notification after running a CHECK command where the overall conditions of the check are not met. See Configuring email or execute based on results.
Note: This is a Cleo Harmony and Cleo VLTrader option.
Possible values: Email addresses separated by commas (,), semicolons (;), or colons ( : ).  The first address should be an internal email address.
Default value:The value specified for this property on the Options > Advanced panel (if set).
Email On Fail
If an error occurs during a command, email the error condition.  See Configuring email or execute based on results..
Possible values: Email addresses separated by commas (,), semicolons (;), or colons ( : ).  The first address should be an internal email address.
Default value:The value specified for this property on the Options > Advanced panel (if set).
Email On Flag
If a flagged event occurs, email the event. See Configuring email or execute based on results.
Email addresses separated by commas (,), semicolons (;) or colons (:). The first address should be an internal email address.
Possible values: Email addresses separated by commas (,), semicolons (;), or colons ( : ).  The first address should be an internal email address.
Default value:The value specified for this property on the Options > Advanced panel (if set).
Email On Repetitive Action Failures
When "Email On Fail" is enabled and the same failure occurs each time an action is run for a specific host, leaving this option unchecked suppresses emailing of the same alert multiple times.  If the same email alert continues to be suppressed after 24 hours, the suppressed email alert will be sent every 24 hours and after every system restart if the failure occurs again. When the failure is resolved an email alert will be sent.
Note: This feature only suppresses multiple emails if the same failure occurs multiple times in a row. Suppression is not maintained across synchronized hosts.
Possible valuesOn or Off
Default valueOn
Email On Repetitive Listener Failures
When "Email On Fail" is enabled and the same failure occurs each time an inbound message is processed by the Listener for a specific host, leaving this option unchecked suppresses emailing of the same alert multiple times. If the same email alert continues to be suppressed after 24 hours, the suppressed email alert will be sent every 24 hours and after every system restart if the failure occurs again. If the failure can be associated with a specific host, an email alert will be sent when the failure is resolved.  Failure resolution email alerts will not be sent for general Listener failures since it is not possible to determine that these types of failures have been resolved.
Note: This feature only suppresses multiple emails if the same failure occurs multiple times in a row. Suppression is not maintained across synchronized hosts.
Possible valuesOn or Off
Default valueOn
Email On Successful Copy
Send an email notification after copying a file using LCOPY.  See Configuring email or execute based on results.
Possible values: Email addresses separated by commas (,), semicolons (;) or colons ( : ).  The first address should be an internal email address.
Default value:The value specified for this property on the Options > Advanced panel (if set).
Email On Successful Receive
Send an email notification after successfully receiving a file.  See Configuring email or execute based on results.
Possible values: Email addresses separated by commas (,), semicolons (;) or colons ( : ).  The first address should be an internal email address.
Default value:The value specified for this property on the Options > Advanced panel (if set).
Email On Successful Send
Send an email notification after successfully sending a file.  See Configuring email or execute based on results.
Possible values: Email addresses separated by commas (,), semicolons (;) or colons ( : ).  The first address should be an internal email address.
Default value:The value specified for this property on the Options > Advanced panel (if set).
Execute On Check Conditions Met
After executing a CHECK command where the overall conditions are met, run a system command.  See Configuring email or execute based on results.
Note: This is a Cleo Harmony and Cleo VLTrader option.
Note: Note that if multiple files contribute to the conditions being met, and one of the file macros is in the command (e.g., %file%),  the system command will be executed repeatedly - once for each file.
Possible values: System command to be executed.
Default value: The value specified for this property on the Options > Advanced panel (if set).
Execute On Check Conditions Not Met
After executing a CHECK command where the overall conditions are not met, run a system command.  See Configuring email or execute based on results.
Note: This is a Cleo Harmony and Cleo VLTrader option.
Possible values: System command to be executed.
Default value: The value specified for this property on the Options > Advanced panel (if set).
Execute On Fail
If an error occurs during a command, run a system command.  See Configuring email or execute based on results.
Possible values: System command to be executed.
Default value: The value specified for this property on the Options > Advanced panel (if set).
Execute On Repetitive Action Failures

When Execute On Fail is enabled and the same failure occurs each time an action is run for a specific host, leaving this option unchecked suppresses multiple executions of the Execute On Fail command.  If suppression of execution of the command for this failure continues after 24 hours, the suppressed Execute On Fail command will be executed every 24 hours and after a system restart if the failure occurs again.  When the failure is resolved, the Execute On Fail command will be executed again.  Users must account for this by including the %status% macro variable for the Execute On Fail command (see Using macro variables) and then checking for a success or failure.    

Note: This feature only suppresses multiple executions of the Execute On Fail command if the same failure occurs multiple times in a row.  Suppression is not maintained across synchronized hosts.
Possible valuesOn or Off
Default valueOn
Execute On Repetitive Listener Failures

When Execute On Fail is enabled and the same failure occurs each time an inbound message is processed by the Listener for a specific host, leaving this option unchecked suppresses multiple executions of the Execute On Fail command.  If suppression of execution of the command for this failure continues after 24 hours, the suppressed Execute On Fail command will be executed every 24 hours and after every system restart if the failure occurs again.  If the failure can be associated with a specific host, the Execute On Fail command will be executed again when the failure is resolved. Users must account for this by including the %status% macro variable for the Execute On Fail command (see Using macro variables) and then checking for a success or failure. Executions of the "Execute On Fail" command for resolution of general Listener failures will not be done since it is not possible to determine that these types of failures have been resolved.

Note: This feature only suppresses multiple executions of the Execute On Fail command if the same failure occurs multiple times in a row.  Suppression is not maintained across synchronized hosts.
Possible valuesOn or Off
Default valueOn
Execute On Successful Copy
After successfully copying  a file using LCOPY, run a system command.  This command may be used for post-processing the file.  See Configuring email or execute based on results.
Possible values: System command to be executed.
Default value: The value specified for this property on the Options > Advanced panel (if set).
Execute On Successful Receive
After successfully receiving a file, run a system command.  This command may be used for post-processing the file.  See Configuring email or execute based on results.
Possible values: System command to be executed.
Default value: The value specified for this property on the Options > Advanced panel (if set).
Execute On Successful Send
After successfully sending a file, run a system command.  This command may be used for post-processing the file.  See Configuring email or execute based on results.
Possible values: System command to be executed.
Default value: The value specified for this property on the Options > Advanced panel (if set).
Fixed Record EOL Characters
End-of-line characters to be inserted and/or deleted.
Possible values0 to n characters. 
Special character sequences:
  • \r - carriage return
  • \n - new line (linefeed)
  • \f - form feed
  • \t - horizontal tab
  • \0 - null
  • \\ - backslash
Fixed Record Incoming Delete EOL
If Fixed Record EOL Characters has been specified and Fixed Record Length is greater than 0, indicates to look for and delete EOL characters while receiving a file.
Note: When using FTP ASCII mode, standard EOL characters may already be changing if transferring between Windows and Unix platforms.
Possible valuesOn or Off
Default valueOff
Fixed Record Incoming Insert EOL
If Fixed Record EOL Characters has been specified and Fixed Record Length is greater than 0, indicates to insert EOL characters while receiving a file.

Fixed Record Incoming Delete EOL and Fixed Record Incoming Insert EOL are mutually exclusive properties.

Possible valuesOn or Off
Default valueOff
Fixed Record Length
The fixed record length after which end-of-line characters need to be inserted and/or deleted.
Possible values0 - n
Default value0
Fixed Record Outgoing Insert EOL
If Fixed Record EOL Characters has been specified and Fixed Record Length is greater than 0, indicates to insert EOL characters while sending a file.
Note: When using FTP ASCII mode, standard EOL characters may already be changing if transferring between Windows and Unix platforms.
Possible valuesOn or Off
Default valueOff
High Priority
Indicates whether incoming and/or outgoing transfers through the mailbox should be treated as high priority. When both high priority and regular priority transfers are active, the high priority transfers get a larger portion of the available bandwidth. Go to Configure > Options > Other to set the High Priority Transfers Percentage Available Bandwidth (defaults to 75). See Other system options for more information.
Note: This is a Cleo Harmony and Cleo VLTrader option.
Warning: If the trading partner’s bandwidth (and not the Cleo Harmony or Cleo VLTrader application's) is limiting the transfer rate, then setting High Priority will not increase the transfer rate and will only result in potentially slowing down other Cleo Harmony or Cleo VLTrader transfers. Also, do not attempt to set High Priority Incoming or Outgoing on a host where the same instance of the Cleo Harmony or Cleo VLTrader application is both the client and server (for example, a local looptest).
Possible values:
  • Incoming
  • Outgoing
  • Both
Ignore Exception After Quit
Indicates to ignore any I/O errors that occur when attempting to read the SMTP server response after issuing a QUIT command.
Possible valuesOn or Off
Default valueOff
Include Failure In Subject Of Email
When specified, the exception message will be included in the email that is generated on failure.
Note: If the exception message exceeds 256 characters, it will be truncated.
Possible valuesOn or Off
Default value: The value specified for this property on the Options > Advanced panel
Interim File Extension
When applicable, specifies the temporary filename extension that a trading partner's client software uses while transferring a file.  For the transfer logging feature, the VersaLex application sets the transfer status to Interim Success rather than Success when a transfer with a temporary filename extension is finished. Then, when the trading partner client software renames the file to strip off the temporary filename extension, the VersaLex application inserts an additional Success entry into the transfer log with the resulting filename, thus marking the transfer as complete.  The dot preceding the extension can be included in the configured value, but it is not required.  If multiple temporary filename extensions are used, they can be separated by commas or semicolons.
LCOPY Archive
If specified, contains the directory for archiving LCOPY source files.
Possible values: Any local or shared directory. Macros can be used.  See Using macro variables (LCOPY Archive context).
Default value: The value specified for this property on the Options > Advanced panel, if any.
Log Individual LCOPY Results To Transfer Logging
When this option is enabled, a <send> and <receive> result is logged to the transfer log for each file copied.
Note: This is a Cleo Harmony and Cleo VLTrader option.
Possible valuesOn or Off
Default valueOff
Macro Date Format
Specifies the date format to be used when the %date% macro is used.
Possible values: See Using macro variables for information about usage and possible date/time formats.
Default value: The value specified for this property on the Options > Advanced panel, if any.
Macro Time Format
Specifies the time format to be used when the %time% macro is used.
Possible values: See Using macro variables for information about usage and possible date/time formats.
Default value: The value specified for this property on the Options > Advanced panel, if any.
Maximum Concurrent FTP Logins
The total number of logins allowed at any one time for this user. With the default value of 0, the number of concurrent connections per user will be limited the Maximum Concurrent FTP Logins Per User setting. A value other than zero will override the Maximum Concurrent FTP Logins Per User setting for this user.
Maximum Incoming Transfer Rate (kbytes/s)
Sets the maximum incoming transfer rate in Kbytes (1024 bytes) per second for each mailbox or host. The default value of 0 does not limit the transfer rate. The Maximum Incoming Transfer Rate system setting might also limit the transfer rates. The system Maximum Incoming Transfer Rate value is used unless this setting is more restrictive. For simultaneous transfers, the number of active transfers also affects individual transfer rates. See Advanced system options.
Possible values0 - n
Default value0
Maximum Outgoing Transfer Rate (kbytes/s)
Sets the maximum outgoing transfer rate in Kbytes (1024 bytes) per second for each mailbox or host. The default value of 0 does not limit the transfer rate. The system setting might also limit the transfer rates. The system Maximum Outgoing Transfer Rate value is used unless this setting is more restrictive. For simultaneous transfers, the number of active transfers will also affect individual transfer rates. See Advanced system options for more information about Maximum Outgoing Transfer Rate.
Possible values0 - n
Default value0
Outbox Sort
Controls the order in which multiple files are transferred for a PUT command.  If System Default is specified, the value set on the Configure > Options > Advanced tab takes precedence.  For Alphabetical ordering, the file extensions are not used to determine the sorted order unless they are needed to make the filenames unique.
Possible values:
  • System Default
  • Alphabetical
  • Date/Time Modified
Default valueSystem Default
PGP Compression Algorithm
Compression method used when OpenPGP packaging (with compression) is requested through the Mailbox Packaging tab. See Configuring mailbox packaging. If System Default is specified, the value set on the Configure > Options > Advanced tab is in effect.
Possible values:
  • System Default
  • ZIP
  • ZLIB
Default valueSystem Default
PGP Encryption Algorithm
Encryption method used when OpenPGP packaging (with encryption) is requested through the Mailbox Packaging tab. See Configuring mailbox packaging. If System Default is specified, the value set on the Configure > Options > Advanced tab takes precedence.
Possible values:
  • System Default
  • TripleDES
  • Blowfish
  • CAST5
  • DES
  • AES-128
  • AES-192
  • AES-256
  • Twofish
Default valueSystem Default
PGP Hash Algorithm
Signing method used when OpenPGP packaging (with signing) is requested through the Configuring mailbox packaging.  If System Default is specified, the value set on the Configure > Options > Advanced tab takes precedence.
Possible values:
  • System Default
  • MD2
  • MD5
  • RIPE-MD-160
  • SHA-1
  • SHA-256
  • SHA-384
  • SHA-512
Default valueSystem Default
PGP Integrity Check
When OpenPGP encrypting (see Configuring mailbox packaging), include an integrity check on encrypted data. Can be disabled for compatibility with certain OpenPGP implementation.
Possible valuesOn or Off
Default valueOn
PGP Signature Verification
Indicates whether or not signed inbound PGP messages should verified when inbound OpenPGP packaging is requested through the Mailbox Packaging tab. See Configuring mailbox packaging. In general, this property should be enabled.
Possible valuesOn or Off
Default valueOn
PGP V3 Signature
Retain Temporary Inbound Message Files
Leaves any files that are used while processing inbound messages in the temp\ folder. The default action is to delete these files after processing has completed.  These files can be helpful for problem diagnosis.
Note: Temp files are only created for large (> 2.3 meg) or compressed inbound messages.
RSA-OAEP Key Algorithm Parameter
Represents the type of mask generation and hash generation functions that are applied when the RSAES-OAEP key algorithm is in use. See RFC4055 for a further description of the mask and hash generation functions.
Possible valuesMGF1-SHA1MGF1-SHA256 or MGF1-SHA512
Default valueMGF1-SHA1
Store AS3 Raw Sent Message

Saves the content of the FTP header and raw (unprocessed) message sent to the remote client. The files are stored in the as3\sent\ directory under the VersaLex root path. These files may be useful in diagnosing problems, but should be disabled if disk space needs to be conserved.

Trigger At Upload Completion
When this property is not selected, the trigger is created when the next command is received after the file upload.
When this property is selected, the trigger is created when a file upload is completed (data channel is closed).
Note: For the FTP protocol, the end of file is signaled by the closure of the data channel. This makes it difficult to distinguish between successful and failed transfers accurately. Therefore, if this property is selected, it is possible that the trigger is created for an incomplete or failed transfer.
Note: There might be some use cases where a transfer is considered successful even if the client does not issue another command or log out. For example, if the client transfers a file and remains logged in until the next transfer (which could be several minutes later). In that use case, you should select the property.
Use AS3 Content Type for File Extension
By default, inbound messages that do not specifically contain the name of the target file to be saved are stored using the value of the Message-ID (of that message) with the .file extension.  When this option is selected, inbound messages without a target file name specifier will be stored using the Message-ID and the appropriate file extension based on the Content Type of the message.
Use External IP Address In PASV Response
Indicates for passive (pasv) mode that the external rather than the local IP address should be included in data port response to the FTP client.
Use Folded Headers For Outbound Messages
Enables or disables automatic line wrapping of HTTP headers exceeding 76 characters.  By default headers are not folded since some non-Cleo product remote hosts using Microsoft Internet Information Server (IIS) cannot handle folded headers properly. Unless your host has been pre-configured to enable folded headers, leave this setting cleared!
Possible valuesOn or Off
Default valueOff
Wait For Execute On
Indicates whether execution should wait for processing to complete within an Execute On FailExecute On Successful Copy,Execute On Successful Receive, or Execute On Successful Send command.  Note that this option does not apply to native AS400 execution.
Possible valuesOn or Off
Default valueOn
XML Encryption Algorithm
The method used to encrypt/decrypt files when XML Encryption packaging is requested through the Mailbox Packaging tab. See Configuring mailbox packaging .  If System Default is specified, the value set on the Configure > Options > Advanced tab takes precedence. 
Possible values:
  • System Default
  • TripleDES
  • AES-128
  • AES-192
  • AES-256
Default valueSystem Default
Zip Compression Level
Controls the level of compression for LCOPY -ZIP operations. If System Default is specified, the value set on the Configure > Options > Advanced takes precedence 
Possible values:
  • System Default
  • 9 - (Best Compression)
  • 8
  • 7
  • 6
  • 5
  • 4
  • 3
  • 2
  • 1
  • 0 - (No Compression)
Default value: System Default
Zip Subdirectories Into Individual Zip Files
Indicates whether or not subdirectories should be bundled for LCOPY –ZIP –REC operations.  When enabled, each first-level subdirectory (and all of its descendents) will be bundled together into an individual zip file.  The name of this zip file may optionally reflect the subdirectory name if an asterisk (*) is placed in the destination path.  Any files that are directly off the source root directory will not be copied. 
Possible valuesOn or Off
Default valueOn

Configuring mailbox packaging

Note: This section applies to all hosts, except the Local Commands host. For information about packaging for the Local Commands host, see Configuring Local Commands host.

Use the Packaging tab to configure encryption and decryption of payload files retrieved from the file system (or database payload repository) and stored to the file system (or database payload repository). 

The Packaging tab consists of two sections: Partner Packing and Local Packaging. See Configuring partner mailbox packaging and Configuring local mailbox packaging , respectively.

For each Partner and Local Packaging, there are two packaging schemes:  OpenPGP and XML Encryption. Both schemes use a public/private key pair established through a shared certificate to perform encryption and decryption. The OpenPGP option also supports digital signing.  See Cryptographic Services for general information regarding encryption and signing.

There are certain advanced properties that govern the details of the packaging selections.  These properties are listed in the following table.  See Setting advanced host properties for more information.

 
OpenPGP Properties XML Encryption Properties
PGP Compression Algorithm XML Encryption Algorithm
PGP Encryption Algorithm  
PGP Hash Algorithm  
PGP Integrity Check  
PGP Signature Verification  
PGP V3 Signature  

Configuring IP filtering for an FTP mailbox

Whitelist IP addresses are entered on the IP Filter tab of each local user mailbox. These IP addresses are the only addresses that will be allowed to log into the mailbox.
  1. Go to the IP Filter tab for your FTP mailbox.
  2. Click New to create a new entry or double-click an existing entry to edit it. Alternatively, you can right-click on the entry and selectEdit.
  3. Enter an IP address to be added to the whitelist.
    You can use both IPv4 and IPv6 addresses. IP addresses can be a single address or a range of addresses. The following are examples of valid IP addresses:
     
    IP Address Description
    * All IP addresses
    10.11.12.13 Single IPv4 address matching 10.11.12.13
    10.* IPv4 addresses in the range 10.0.0.0-10.255.255.255
    10.11.* IPv4 addresses in the range 10.11.0.0-10.11.255.255
    10.11.12.50-10.11.12.70 IPv4 addresses in the range 10.11.12.50-10.11.12.70
    fe80::79ba:8815:4f62:e386 Single IPv6 address matching fe80::79ba:8815:4f62:e386
    fe80::79ba:8815:4f62:e386-fe80::79ba:8815:4f62:ffff IPv6 addresses in the range fe80::79ba:8815:4f62:e386-fe80::79ba:8815:4f62:ffff
    fe80::79ba:8815:4f62:e386/90 IPv6 addresses matching the first 90 bits of address fe80::79ba:8815:4f62:e386
  4. Optionally, remove an entry by right-clicking it and selecting Remove.

Action Tab

The FTP Server does not independently invoke send and receive actions, but rather acts on the actions of the connected client.  Default collect and release actions are provided to allow the server to make sent and received files available for processing.

Collect Action

#Initialize inbound file
LDELETE recvfile.edit

#Merge all files received into recvfile.edit
LCOPY -DEL -APE %inbox%/* recvfile.edi

Release Action

#Release all not yet available files
LCOPY -DEL %outbox%/../* %outboxc%

See Composing an action and Local command reference for more information.

FTP Server Command Reference

Note: This section applies to the Cleo Harmony and Cleo VLTrader applications only.

The FTP Server allows users to log into the Cleo Harmony or Cleo VLTrader application and store and retrieve files using standard FTP (File Transfer Protocol) commands. A full description of the FTP commands is available in the RFC 959 specification. More detail on the FTP Security Extensions is available in RFC 2228.

The following FTP commands are accepted and processed by the Cleo Harmony or Cleo VLTrader FTP server.

Access Control Commands

 
Command Description
USER <username> Identifies the user to the FTP server. The <username> parameter is a string that must match one of the users previously entered into the Cleo Harmony or Cleo VLTrader application.
PASS <password> Verifies the identity of the user, since only specified user should know the password. The <password> parameter is a string specifying the user’s password. This command must be immediately preceded by the USER command.
PASS <password>/<newPassword>/<newPassword>/   Verifies the identity of the user and changes the user’s password. The <password> parameter is a string specifying the user’s current password and <newPassword> is a string specifying the user’s new password. This command must be immediately preceded by the USER command. The password must follow the configured password policy or the login will be considered a failure.
ACCT <account> Specifies the user’s account. This command is not required, and has no effect on the logon process.
CWD <pathname> Changes the current working directory to that specified by <pathname>. If <pathname> starts with a slash, the path is considered to be an absolute path. Otherwise, it is a path relative to the current working directory.
CDUP Changes the current working directory to the parent of the current working directory. This can also be accomplished with the CWDcommand.
QUIT Terminates the USER and closes the connection.

Transfer Parameter Commands

 
Command Description
PORT<host-port> This command and the <host-port> argument specify the data port to be used in data connection. The <host-port>argument is the concatenation of a 32-bit internet host address and a 16-bit TCP port address. This address information is broken into 8-bit fields and the value of each field is transmitted as a decimal number in character string representation. The fields are separated by commas. An example PORT command might be:

PORT h1,h2,h3,h4,p1,p2

where h1 is the high order 8 bits of the internet host address. This address and port are created by the client side and the server connects to the client’s data port.
PASV Requests the server to "listen" on a data port and to wait for a connection. The response to this command includes the host and port address this server is listening on.
TYPE<type-code> Specifies the data representation type. The <type-code> is either A (for ASCII) or I (for Image). Other values for<type-code> are not supported.
STRU<structure-code> Specifies the structure of the transferred file. The <structure-code> is either F (for File) or R (for Record). Other values for <structure-code> are not supported. This command has no effect on the files stored.
MODE<mode-code> Specifies the data transfer mode. Only S (for Stream) is supported.

Service Commands

 
Command Description
RETR<pathname> Causes the server to send the file specified by <pathname> from the server to the client on the data connection.
STOR<pathname> Causes the server to accept the data transferred through the data connection and to store the data as a file with name <pathname> at the server site.
STOU Causes the server to accept the data transferred through the data connection and to store the data as a file with a unique filename at the server site.
APPE<pathname> Causes the server to accept the data transferred via the data connection and to store the data in a file specified by<pathname> at the server site. If the file specified in the pathname exists at the server site, then the data is appended to that file; otherwise, the file specified in the pathname is created at the server site.
RNFR<pathname> Specifies the old pathname of the file/directory which is to be renamed. This command must be immediately followed by a "rename to" (RNTO) command specifying the new file pathname.
RNTO<pathname> Specifies the new pathname of the file/directory specified in the immediately preceding "rename from" (RNFR) command. Together the two commands cause a file/directory to be renamed.
DELE<pathname> Causes the file specified by <pathname> to be deleted at the server site.
RMD<pathname> Causes the directory specified in <pathname> to be removed as a directory (if the pathname is absolute) or as a subdirectory of the current working directory (if the pathname is relative).
MKD<pathname> Causes the directory specified in <pathname> to be created as a directory (if the pathname is absolute) or as a subdirectory of the current working directory (if the pathname is relative).
PWD Causes the name of the current working directory to be returned in the reply.
LIST<pathname> Causes a list to be sent from the server to the client. If <pathname> specifies a directory or other group of files, the server should transfer a list of files in the specified directory. If the pathname specifies a file then the server should send current information on the file. A missing <pathname> argument implies the user's current working or default directory. The details of the files are returned in Unix format not matter which platform the server is running on.
NLST<pathname> Causes a directory listing to be sent from server to client. The <pathname> should specify a directory or other system-specific file group descriptor; a missing <pathname> argument implies the current directory. The server will return a stream of names of files and no other information. The data will be transferred over the data connection as valid pathname strings separated by <CRLF>. This command is intended to return information that can be used by a program to further process the files automatically.
SITE <string> Used by the server to provide services specific to his system that are essential to file transfer but not sufficiently universal to be included as commands in the protocol. Currently, there are no available SITE commands.
SYST Used by the client to determine the system type on which the server resides. If the system type is Windows, then a system type of WIN32 is returned. Otherwise, Unix is returned.
STAT<pathname>

Status (not available during Transfer)

Causes a status response to be sent over the control connection in the form of a reply. Unlike the RFC 959 description of STAT, this command cannot be sent during a file transfer. However, this command can be sent between file transfers. If a <pathname> is specified, the command is analogous to the "list" command except that data is transferred over the control connection. If a wild-carded pathname is given, the server can respond with a list of file names and attributes associated with that pathname. If <pathname> is not given, the server returns general status information about the server FTP process. This includes current values of all transfer parameters.
HELP <string> Causes the server to send helpful information regarding its implementation status over the control connection to the user. The command takes an optional argument (for example, any command name) and returns more specific information as a response.
NOOP Does not affect any parameters or previously entered commands. It specifies no action other than that the server return an OK reply.

Security Extensions

 
Command Description
AUTH<mechanism>

The <mechanism> parameter specifies a security mechanism. This command is only available on the FTP/s Explicit ports.

  • SSL or TLS-P protect the control/data channels
  • TLS or TLS-C clear the protection of the control/data channels

It is suggested that AUTH SSL be specified for a secure connection and that this command would not be issued for the clear channel case.
PROT <level> The <level> parameter specifies the Data Channel Protection Level. Values of C (for Clear) or P (for Private/Encrypted) are supported.
PBSZ <size> Allows the FTP client and server to negotiate a maximum protected buffer size for the connection. A <size> of 0 (zero) is the only allowed size.
CCC Sets a protected command channel to clear-text.

FTP Extensions

 
Command Description
EPORT |<net-prt> <net-address>|<tcp-port>|

Allows for the specification of an extended address for the data connection. The network protocol field (<net-prt>) specifies format used for the <net-address> field. The <tcp-port> field specifies the client data port to use. A delimiter character (typically |) separates the fields. Example commands for IPv4 and IPv6 formats would be:

IPv4:        
EPRT |1|192.136.4.34|1964|
IPv6:        
EPRT |2|1677::3:670:45AC:76B3|1959|
MDTM<pathname> Returns the file modification time of the file specified by <pathname>.
SIZE<pathname> Returns the size, in bytes, of the file specified by <pathname>.
XMKD Same as MKD.
XPWD Same as PWD.
FEAT Returns the list of supported extended commands (such as commands beyond those originally described in RFC 959).
OPTS Allows optional command parameters to be set or reset. The Cleo Harmony and Cleo VLTrader applications currently do not offer any optional command parameters.
REST<position> The REST command must be the last command issued before the data transfer command that is to cause a restarted, rather than a complete, file transfer.  The <position> parameter specifies where the transfer is to be started. STREAM mode is supported (Block and Compressed are not).
 

Related articles

Comments

0 comments

Please sign in to leave a comment.