This topic covers additional IBM Aspera Faspex configuration options that
can be applied in faspex.yml. These options include the following:
- Hidden Directory Service (DS) features.
- Hidden password settings.
- Hidden self-registered users settings.
Note: Modifying faspex.yml is for advanced administrative users only.
The
faspex.yml file is located in the following directory:
| OS Version |
Location |
| Windows 32-bit |
C:\Program Files (x86)\Aspera\Faspex\config\faspex.yml |
| Windows 64-bit |
C:\Program Files\Aspera\Faspex\config\faspex.yml |
Important: Be sure to back up faspex.yml before
modifying!
The following tables describe hidden options, along with their default values, that can be
added to the production section. For example, in order to require newly
created users to reset their passwords the first time they log in, add the line below to the
production section of faspex.yml.
production:
...
ForcePasswordResetForNewUsers: true
...
Note: Whenever
faspex.yml has been modified, be sure to restart Faspex by running the
following:
asctl faspex:restart
Directory Services
| Item |
Description |
Default |
| DsUsernameAttribute |
Specifies the DS attribute to use as the Faspex username. The chosen attribute should be unique. Note that this option should be set
before importing any DS users and should not be changed afterwards. Examples: mail,
samaccountname (Active Directory). |
Depends on attributes returned by directory service |
| DsSyncPeriod |
Specifies how much time must pass since the last synchronization operation in
order for a group or user to be judged in need of another. |
3600 (seconds) / 1 hour |
| DsCheckPeriod |
Specifies check period for synchronization operations. It is during these checks
that the DsSyncPeriod parameter is used to determine if synchronization is
necessary. |
600 (seconds) / 10 minutes |
| DsSyncActiveState |
Determines whether to sync, or not. Valid values: true, false. |
true |
| CanonicalizeLdapGroupMemberSearch |
Causes Faspex to strip spaces out of DNs
during comparisons that may prevent Faspex from
properly identifying DS users. Should only be set to true if it is proven that your LDAP
server is returning DNs with inconsistent spacing (e.g. inserting or omitting spaces
when user info is queried as part of an LDAP group vs. individually). Valid values:
true, false. |
false |
Password
| Item |
Description |
Default |
| StrongPasswordRegex |
A regular expression that can be used to customize strong password requirements.
Changing this setting will not affect existing passwords, but any new password must
match with this regular expression. Example: (?=.*[A-Z])(?=.*(\d|\W|_)).{7,} |
(?=.*\d)(?=.*([a-z]|[A-Z]))(?=.*(\W|_)).{6,} |
| StrongPasswordRequirements |
A description of the strong password requirements. Should match the regular
expression specified by StrongPasswordRegex. Example: “must be at least seven characters
long, with at least one capital letter and one number or symbol.” |
“Must be at least six characters long, with at least one letter, one number, and
one symbol.” |
| ForcePasswordResetForNewUsers |
Setting this option to true requires newly created users to reset their passwords
the first time they log in. |
false |
Self-registered Users
| Item |
Description |
Default |
| EnforceSelfRegisteredUserEmailUniqueness |
Prevents registering for an account using an email address that is already used
by a full Faspex user (i.e. not merely in use by an
external email user record). Valid values: true, false. |
false (not enforced) |
| SelfRegistrationUsesEmailAsLogin |
Forces self-registering users to choose a login name that is in the format of an
email address. This makes entering email address redundant but it is still required.
Valid values: true, false. |
false (not enforced) |
| RequireExternalRecipientsToRegister |
When a package is sent to an external email address, the recipient is required to
self-register with that email address as the account name in order to access the
package. Valid values: true, false. Important: Self-registration must be
enabled. Otherwise, the recipient will be redirected to Page not Found. For more
information, see Configure Security Settings
Tip: You have the option of requiring admin moderation for users creating
new accounts with self-registration. For more information on self-registration
settings, see Enabling Self-Registration.
|
false (not enforced) |
Metadata
| Item |
Description |
Default |
| SaveMetadataInPackage |
Whenever this option is set to "true" and the Save metadata to
file checkbox is enabled on the Metadata Profiles page, the Create New
Dropbox page, or the Edit Dropbox page, the metadata file aspera-metadata.xml is
included inside packages, instead of being deposited in a package's root directory.
Set the SaveMetadataInPackage option in the "Production" section of the
faspex.yml file.
|
false |