The FTP Client Connector is a transport Connector that requires a Parser to operate. The Connector reads or writes a data stream that can either be a file or a directory listing. Think of the FTP Client Connector as a remote read/write facility, not something you use to transfer files.
This Connector supports FTP Passive Mode, as per RFC 959. Passive Mode reverses who initiates the data connection in a file transfer. Normally the server initiates a data connection to the client (after a command from the client), whereas passive mode enables the client to initiate the data connection. This makes it easier to transfer files when the client is behind a firewall.
With proper configuration, this Connector supports FTP over SSL (FTPS) connections, to provide secure transfers.
The FTP Client Connector supports FTPS and can perform secure transfers. This involves the use of an SSL/TLS layer below the standard FTP protocol to encrypt the control and/or data channels used by FTP. There are two common uses of FTPS:
The FTP Client Connector supports only implicit FTPS, so an SSL handshake must be performed before any transfer. As stated above, the FTP protocol uses two channels to operate: the control (command) channel is used for sending commands to the FTP server, and the data channel is used for data transfer. To allow greater granularity, the FTP Client Connector lets you turn on SSL support for each of the channels.
Using the Security parameter, you can specify the following options: None, Use SSL on control channel, Use SSL on control and data channels. The first implies that no SSL support will be provided and no security benefits can be expected.
When Use SSL on control channel is selected, the control (command) channel uses SSL. In this case the certificate used by the FTP server must be added to the truststore of IBM® Tivoli® Directory Integrator (this truststore is set by the javax.net.ssl.trustStore property in the solution.properties file). That way the client can authenticate the server and communication will succeed. Also when using this option, remember to change the port used by the connector to the one that the server uses for FTP/SSL connections (the default is 990).
The other option providing SSL support is Use SSL on control and data channels. When this is selected, the client will attempt to negotiate a secure data channel besides securing the control channel. This is done by sending "PBSZ 0" and "PROT P" commands to the server. The PBSZ command defines the largest buffer size to be used for application-level encoded data sent or received on the data connection. However, since TLS/SSL handles blocking of data, a '0' parameter is used. The other command (PROT) defines the protection used for FTP data connections, where the "P" parameter stands for Private - TLS/SSL will be used, which provides Integrity and Confidentiality protection.
The Security parameter lists the allowed set of security options for the FTP Client Connector. However, when the connector is created using scripts, there is one other option. Since its security parameters are passed as arguments when it connects to the FTP server (for example, connect(String host, String user, String password, boolean useSSLonCommandChannel, boolean useSSLonDataChannel)), it is possible to enable SSL on the data channel and not on the control channel. This configuration implies that the client must connect to the SSL/TLS port of the server while sending a plaintext message. The attempt certainly won't succeed, so the FTP Client Connector checks for this case and displays an error message when the AssemblyLine is started.
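The following is an added example, not IBM code or part of the connector: a Python check that mirrors the rejected "data channel only" combination and audits a client-side control-channel log for the "PBSZ 0" / "PROT P" negotiation described above. The "C: " / "S: " log format, the function names and the sample lines are assumptions constructed for illustration, and the data channel is treated as clear until PROT P is acknowledged.

```python
DATA_COMMANDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE", "STOU"}

def validate_channels(ssl_control: bool, ssl_data: bool) -> None:
    """Reject SSL on the data channel without SSL on the control channel."""
    if ssl_data and not ssl_control:
        raise ValueError("SSL on data channel requires SSL on control channel")

def audit_transcript(lines):
    """Return findings for a control-channel log ('C: ' client, 'S: ' server)."""
    pbsz_ok = False
    prot = "C"        # assumption: data channel is clear until PROT P succeeds
    pending = None    # last client command still waiting for its first reply
    findings = []
    for raw in lines:
        side, _, text = raw.partition(": ")
        parts = text.split()
        if not parts:
            continue
        if side == "C":
            verb = parts[0].upper()
            arg = parts[1].upper() if len(parts) > 1 else ""
            pending = (verb, arg)
            if verb in DATA_COMMANDS and prot != "P":
                findings.append(f"{verb} issued while data protection is {prot}")
        elif side == "S" and pending:
            (verb, arg), pending = pending, None
            ok = parts[0].startswith("2")     # 2xx = positive completion
            if verb == "PBSZ":
                pbsz_ok = ok and arg == "0"
            elif verb == "PROT" and ok and pbsz_ok:
                prot = arg
            elif verb == "PROT" and ok:
                findings.append("PROT accepted without a successful PBSZ 0")
            elif verb == "PROT":
                findings.append(f"server refused PROT {arg}: {text}")
    return findings

# Constructed sample logs (not captured from a real server).
PROTECTED = ["C: PBSZ 0", "S: 200 PBSZ=0", "C: PROT P", "S: 200 Protection set",
             "C: PASV", "S: 227 Entering Passive Mode (192,0,2,10,195,80)",
             "C: LIST", "S: 150 Opening data connection", "S: 226 Done"]
CONTROL_ONLY = ["C: PASV", "S: 227 Entering Passive Mode (192,0,2,10,195,81)",
                "C: RETR users.csv", "S: 150 Opening data connection"]
REFUSED = ["C: PBSZ 0", "S: 200 PBSZ=0", "C: PROT P", "S: 534 Not supported",
           "C: LIST", "S: 150 Opening data connection"]

if __name__ == "__main__":
    for name, log in [("protected", PROTECTED), ("control-only", CONTROL_ONLY),
                      ("refused", REFUSED)]:
        print(name, audit_transcript(log))
```

The control-only log is the case to watch for when "Use SSL on control channel" is selected: credentials are protected, but file contents and directory listings still cross the network unencrypted.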
As stated above, the FTP Client Connector can operate in two modes: Active and Passive. In Passive mode, the FTP server waits for connections from the FTP Client Connector (for the command and data channels). When this occurs the server sends its certificate to the client and SSL communication is possible. In Active mode the situation is the same for the command channel, but this time the client listens for connections (for the data channel). In normal cases this would require the client to send its certificate to the server for validation. To overcome this problem, the SSL session is run in client mode - this means that the SSL roles are reversed (the TCP server acts as client and the TCP client as server, so again the server will send its certificate to the client). This is achieved by the setUseClientMode(true) method.
The FTP Client Connector uses a configured Parser for reading and writing. Therefore data is read from/written to the FTP server using this parser's Character Encoding parameter. If no such parameter is specified, the default character encoding of the platform running the IBM Tivoli Directory Integrator is used.
The Connector needs the following parameters:
From the Parser pane, you select the mandatory Parser. For example, Line Reader is a useful parser for list, or if you simply want to copy one file. The select dialog is activated by pressing the top-left Select Parser button.