Legacy SSO, user Admin role and group permission assignments

Target audience: Filespace administrators

Overview

Users often operate multiple Filespaces for various reasons and want to duplicate their Legacy SSO integration, along with its users, groups and permissions, between Filespaces so that user access is uniform.

You may need to host separate Filespaces for production and archive data while ensuring the data layout and Filespaces appear exactly the same to users. Or you may be migrating data between Filespaces hosted on different object storage providers.

The scripts in this article focus on Legacy SSO user Admin role assignments and permission allocations. They also allow for hybrid Filespace configurations with built-in Lucid ACLs, although you'll have to duplicate and follow the process outlined in this KB article.

If you only want to assign your user Admin roles, you don't have to run the permission importation script. You can run the scripts multiple times to refresh configurations. Resynchronize your Legacy SSO to detect user and group changes, and the user Admin roles and/or permission allocations will be applied.

If you are performing a migration, you might like to explore our Filespace data migration article and Migration Strategies article for general data movement concepts.

Please note, as of Filespace format 2.2 the legacy term “Shares” has been changed to “Permissions.” The provided scripts will adjust accordingly depending on the Filespace format detected.

Requirements

Your Legacy SSO must already be synchronized, with your users and groups available, before you perform the permission allocations. Perform your synchronization through the LucidApp Control Panel SSO integration menu.

Your Legacy SSO users and groups are immediately available when synchronized. There is no need to create users or groups.

The scripts synchronize Legacy SSO (Azure and Okta) user and group permission assignments and promote your Admin role users between your source Filespace and destination Filespace instances.

Linux and/or macOS (Bash)

1. Configure Filespace instances

    Source Filespace

screen -S SourceFilespace -dm lucid --instance 1 daemon --fs source.domain --user root --password rootpwd --mount-point /media/source

    Destination Filespace

screen -S DestFilespace -dm lucid --instance 2 daemon --fs dest.domain --user root --password rootpwd --mount-point /media/dest

2. Download the scripts and make them executable.

curl -O https://lucidlink-support.s3.amazonaws.com/scripts/Legacy/legacy_sso_permissions_script.sh
curl -O https://lucidlink-support.s3.amazonaws.com/scripts/Legacy/legacy_sso_admin_script.sh
chmod u+x *_script.sh

3. Allocate user Admin roles and the listed permissions for users and groups.

./legacy_sso_admin_script.sh <fs1rootpwd> <fs2rootpwd>

If you've already copied the data and your directory structure exists, your permissions will be created successfully. If not, use rsync to copy only the directory structure from the source to the destination so that the permissions can be created.

rsync -av -f"+ */" -f"- *" "/media/source/" "/media/dest"

"The path is invalid.
Request failed with: Bad Request" indicates that the directory structure may not exist.

./legacy_sso_permissions_script.sh <fs1rootpwd> <fs2rootpwd>

4. Clean up temporary files and scripts.

rm legacy_sso_admin_script.sh legacy_sso_permissions_script.sh legacy_sso_admin_role.txt legacy_sso_admin_role_commands.txt legacy_sso_admin_role_output.txt sso_lucid_permissions.txt sso_lucid_permissions_commands.txt sso_lucid_permissions_output.txt

Remove the commands above, which contain the root passwords, from the Bash shell history

for i in $(history | grep 'lucid' | awk '{print$1}' | sort -nr); do history -d $i;done
for i in $(history | grep '_script.sh' | awk '{print$1}' | sort -nr); do history -d $i;done
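# -i.bak is accepted by both GNU (Linux) and BSD (macOS) sed; the backup still holds the original lines, so delete it
sed -i.bak -e '/lucid/d' -e '/_script.sh/d' ~/.bash_history && rm -f ~/.bash_history.bak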
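
The "The path is invalid" failure in step 3 can be anticipated by comparing the two directory trees before running the permissions script. The following is an added example, not part of the LucidLink scripts; the function names list_dirs and missing_dirs are hypothetical, and it assumes directory names contain no newline characters.

```shell
# Added example, not part of the LucidLink scripts. Function names are
# hypothetical; /media/source and /media/dest are the article's mount points.

# Print every directory below root $1 as a sorted list of relative paths.
# Assumes directory names contain no newline characters.
list_dirs() {
    ( cd "$1" && find . -type d -print | sed -n 's|^\./||p' | LC_ALL=C sort )
}

# Print directories present under $1 (source) but absent under $2 (destination).
# Returns 0 when nothing is missing, 1 when at least one directory is missing,
# 2 when either root is not a directory (for example, a Filespace is not mounted).
missing_dirs() {
    [ -d "$1" ] && [ -d "$2" ] || { echo "not a directory: $1 or $2" >&2; return 2; }
    md_tmp=$(mktemp -d) || return 2
    list_dirs "$1" > "$md_tmp/src"
    list_dirs "$2" > "$md_tmp/dst"
    # comm -23 keeps lines unique to the first file: paths only the source has.
    md_out=$(LC_ALL=C comm -23 "$md_tmp/src" "$md_tmp/dst")
    rm -rf "$md_tmp"
    [ -z "$md_out" ] && return 0
    printf '%s\n' "$md_out"
    return 1
}

# Usage with the article's mount points (runs only when both are mounted).
if [ -d /media/source ] && [ -d /media/dest ]; then
    missing_dirs /media/source /media/dest ||
        echo "directories listed above are missing at the destination" >&2
fi
```

An empty result with exit status 0 means every source directory already exists at the destination, so the rsync step is not needed.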

Windows (PowerShell)

1. Configure Filespace source and target instances

    Source

Start-Process -WindowStyle hidden -FilePath "C:\Program Files\Lucid\Resources\Lucid.exe" -ArgumentList "--instance 1 daemon --fs <source.domain> --mount-point s: --password <rootpwd>"

    Target

Start-Process -WindowStyle hidden -FilePath "C:\Program Files\Lucid\Resources\Lucid.exe" -ArgumentList "--instance 2 daemon --fs <target.domain> --mount-point t: --password <rootpwd>"

2. Download the scripts.

Invoke-WebRequest https://lucidlink-support.s3.amazonaws.com/scripts/Legacy/legacy_sso_admin_script.ps1 -OutFile legacy_sso_admin_script.ps1
Invoke-WebRequest https://lucidlink-support.s3.amazonaws.com/scripts/Legacy/legacy_sso_permissions_script.ps1 -OutFile legacy_sso_permissions_script.ps1

3. Allocate user Admin roles and the listed permissions for users and groups.

.\legacy_sso_admin_script.ps1 <fs1rootpwd> <fs2rootpwd>

If you've already copied the data and your directory structure exists, your permissions will be created successfully. If not, use Robocopy to copy only the directory structure from the source to the destination so that the permissions can be created.

robocopy s: t: /e /xf * /r:0 /w:0

"The path is invalid.
Request failed with: Bad Request" indicates that the directory structure may not exist.

.\legacy_sso_permissions_script.ps1 <fs1rootpwd> <fs2rootpwd>

4. Clean up temporary files and scripts.

remove-item legacy_sso_admin_script.ps1,legacy_sso_permissions_script.ps1,legacy_sso_admin_role_log.txt,legacy_sso_admin_role_output.txt,legacy_sso_admin_role_error_output.txt,sso_lucid_permissions_log.txt,sso_lucid_permissions_output.txt,sso_lucid_permissions_error_output.txt

Remove the commands above, which contain the root passwords, from the PowerShell command-line shell history

clear-history -CommandLine *lucid*
clear-history -CommandLine *_script.ps1*
$HistorySavePath = (Get-PSReadlineOption).HistorySavePath; (Get-Content "$HistorySavePath") -notmatch "lucid" | Out-File "$HistorySavePath"
$HistorySavePath = (Get-PSReadlineOption).HistorySavePath; (Get-Content "$HistorySavePath") -notmatch "_script.ps1" | Out-File "$HistorySavePath"

Edge cases might be caused by special characters and/or unusual spacing within your permissions. These will hopefully be anomalies in your configuration and can simply be recreated manually. Alternatively, adjust the default regular expressions in the scripts to account for your configuration. Please do not hesitate to reach out to support via a ticket.
