Configuring Faspex with faspex.yml

This topic covers additional Faspex configuration options that can be applied in faspex.yml. These options include the following:

  • Hidden Directory Service (DS) features
  • Hidden password settings
  • Hidden self-registered users settings
  • Hidden metadata settings
  • Hidden package upload settings
Note: Modifying faspex.yml is for advanced administrative users only.
The faspex.yml file is located in the following directory: /opt/aspera/faspex/config/faspex.yml
Important: Be sure to back up faspex.yml before modifying.

The following tables describe hidden options, along with their default values, that can be added to the production section. For example, in order to require newly created users to reset their passwords the first time they log in, add the line below to the production section of faspex.yml.

  ForcePasswordResetForNewUsers: true
Note: Whenever faspex.yml has been modified, be sure to restart Faspex by running the following command:
asctl faspex:restart

Directory Services

Option Description Default
DsUsernameAttribute Specifies the DS attribute to use as the Faspex username. The chosen attribute should be unique.
Note: This option should be set before importing any DS users and should not be changed afterwards. Examples: mail, samaccountname (Active Directory).
Depends on attributes returned by directory service
DsSyncPeriod Specifies how much time must pass since the last synchronization operation in order for a group or user to be judged in need of another. 3600 (seconds) / 1 hour
DsCheckPeriod Specifies check period for synchronization operations. It is during these checks that the DsSyncPeriod parameter is used to determine if synchronization is necessary. 600 (seconds) / 10 minutes
DsSyncActiveState Determines whether to sync, or not. Valid values: true, false. true
CanonicalizeLdapGroupMemberSearch Causes Faspex to strip spaces out of DNs during comparisons that may prevent Faspex from properly identifying DS users. Should only be set to true if it is proven that your LDAP server is returning DNs with inconsistent spacing (for example, inserting or omitting spaces when user info is queried as part of an LDAP group vs. individually). Valid values: true, false. false


Option Description Default
StrongPasswordRegex A regular expression that can be used to customize strong password requirements. Changing this setting does not affect existing passwords, but any new password must match with this regular expression. Example: (?=.*[A-Z])(?=.*(\d|\W|_)).{7,} (?=.*\d)(?=.*([a-z]|[A-Z]))(?=.*(\W|_)).{6,}
StrongPasswordRequirements A description of the strong password requirements. Should match the regular expression specified by StrongPasswordRegex. Example: “Must be at least seven characters long, with at least one capital letter and one number or symbol.” “Must be at least six characters long, with at least one letter, one number, and one symbol.”
ForcePasswordResetForNewUsers Setting this option to true requires newly created users to reset their passwords the first time they log in. false

Self-Registered and External Users

Option Description Default
EnforceSelfRegisteredUserEmailUniqueness Prevents registering for an account using an email address that is already used by a full Faspex user (for example. not merely in use by an external email user record). Valid values: true, false. false (not enforced)
SelfRegistrationUsesEmailAsLogin Forces self-registering users to choose a login name that is in the format of an email address. This makes entering email address redundant but it is still required. Valid values: true, false. false (not enforced)
RequireExternalRecipientsToRegister When a package is sent to an external email address, the recipient is required to self-register with that email address as the account name in order to access the package. Valid values: true, false.
Important: Self-registration must be enabled. Otherwise, the recipient is redirected to "Page not Found". For more information, see Configuring Security Settings
Tip: You have the option of requiring admin moderation for users creating new accounts with self-registration. For more information on self-registration settings, see Enabling Self-Registration.
false (not enforced)

When external users download a package, the Connect logs and Connect manifests do not show the sender's username.



Option Description Default
SaveMetadataInPackage Whenever this option is set to "true" and the Save metadata to file checkbox is enabled on the Metadata Profiles page, the Create New Dropbox page, or the Edit Dropbox page, the metadata file is included inside packages, instead of being deposited in a package's root directory.

Set the SaveMetadataInPackage option in the "Production" section of the faspex.yml file.

For more information, see Applying Metadata Profile to Normal Packages.

ExcludeMetadataFromCookie This setting excludes metadata from Faspex cookies and also relaxes the length requirements on metadata from 2,000 characters per profile to 30,000 characters.
Note: When this option is enabled, IBM Aspera Console cannot report the metadata for Faspex transfers.

Package Upload

Option Description Default
PackageUploadTimeout The package upload timeout timer starts when a user sends a new package. Even if queued, if a package does not start within the package upload timeout, Faspex marks the package as "Upload never started" and sends a failure notification to the Upload CC list. Extend the duration to account for transfers that may stay queued longer than the default duration. 60

Accepted Hosts

Thie AcceptedHosts configuration defines a list of hostnames users can access Faspex through. If you try to log in to the web application from an unlisted hostname or perform a GET request with an unlisted hostname, Faspex returns the error, "Invalid hostname". To access Faspex from an alternate hostname, whitelist alternate hostnames by following the instructions in Configuring the Faspex Web Server.