Legacy SSO, user Admin role and group share assignments

David Bull

Target audience: Filespace administrators

Overview

Our users often wish to operate multiple Filespaces for various reasons and to duplicate their Legacy SSO integration, with its users, groups and shares, between Filespaces so that user access is uniform.

You may need to host separate Filespaces for production and archive data while ensuring the data layout and Filespaces appear exactly the same to users. Or you may be migrating data between Filespaces hosted on different object storage providers.

The scripts in this article focus on Legacy SSO user Admin role assignments and share allocations. They also allow for hybrid Filespace configurations with built-in Lucid ACLs, although you'll have to duplicate those and follow the process outlined in this KB article.

If you only want to assign your user Admin roles, you don't have to run the share importation script. You can run the scripts multiple times to refresh configurations. Resynchronize your Legacy SSO to detect user and group changes, and user Admin roles and/or share allocations will be applied.

If you are performing a migration, you might like to explore our Filespace data migration article and Migration Strategies article for general data movement concepts.

Requirements

Your Legacy SSO must already be synchronized, with your users and groups available, before you perform the share allocations. Perform the synchronization through the LucidApp Control Panel SSO integration menu.

Your Legacy SSO users and groups are available immediately once synchronized. There is no need to create users or groups.

The scripts synchronize Legacy SSO (Azure and Okta) user and group share assignments and promote your Admin role users between your source Filespace and destination Filespace instances.

Linux and/or macOS (Bash)

1. Configure Filespace instances

    Source Filespace

screen -S SourceFilespace -dm lucid --instance 1 daemon --fs source.domain --user root --password rootpwd --mount-point /media/source

    Destination Filespace

screen -S DestFilespace -dm lucid --instance 2 daemon --fs dest.domain --user root --password rootpwd --mount-point /media/dest

2. Download the scripts and make them executable.

curl -O https://lucidlink-support.s3.amazonaws.com/scripts/Legacy/legacy_sso_share_script.sh
curl -O https://lucidlink-support.s3.amazonaws.com/scripts/Legacy/legacy_sso_admin_script.sh
chmod u+x *_script.sh

3. Allocate user Admin roles and the listed shares for users and groups.

./legacy_sso_admin_script.sh <fs1rootpwd> <fs2rootpwd>

If you've already copied the data and your directory structure exists, your shares will be created successfully. If not, use rsync to copy the directory structure only from the source to the destination so that the shares can be created.

rsync -av -f"+ */" -f"- *" "/media/source/" "/media/dest"

"The path is invalid.
Request failed with: Bad Request" indicates that the directory structure may not exist.

./legacy_sso_share_script.sh <fs1rootpwd> <fs2rootpwd>
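
A pre-flight check for the "The path is invalid" condition, to run before the share script. This is an added example, not one of the LucidLink scripts; the function name `missing_dirs` is hypothetical and the mount points are the ones assumed in step 1.

```bash
#!/bin/sh
# Added example (not part of the LucidLink scripts): list directories that
# exist under the source mount but not under the destination mount, so the
# share paths can be created before the share import runs.
# missing_dirs is a hypothetical name; mount points are those from step 1.

missing_dirs() (
    src=${1%/}; dst=${2%/}
    if [ ! -d "$src" ] || [ ! -d "$dst" ]; then
        echo "usage: missing_dirs <source_mount> <dest_mount>" >&2
        exit 2
    fi
    # Paths are passed to the inner shell as arguments, never re-parsed as
    # text, so names with spaces or special characters stay intact.
    out=$(find "$src" -mindepth 1 -type d -exec sh -c '
        src=$1; dst=$2; shift 2
        for dir in "$@"; do
            rel=${dir#"$src"/}
            [ -d "$dst/$rel" ] || printf "%s\n" "$rel"
        done' sh "$src" "$dst" {} + | sort)
    # Exit 0 when the trees match, 1 (with the list) when directories are missing.
    [ -z "$out" ] && exit 0
    printf '%s\n' "$out"
    exit 1
)

# Usage:
#   missing_dirs /media/source /media/dest || echo "run the rsync step first"
```

An empty result with exit status 0 means every source directory has a counterpart on the destination.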

4. Clean up temporary files and scripts.

rm legacy_sso_admin_script.sh legacy_sso_share_script.sh legacy_sso_admin_role.txt legacy_sso_admin_role_commands.txt legacy_sso_admin_role_output.txt sso_lucid_shares.txt sso_lucid_shares_commands.txt sso_lucid_shares_output.txt

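Remove the Bash shell history entries for the commands above, which contain the root passwords

# Delete matching entries from the in-memory history, highest number first so remaining offsets stay valid
for i in $(history | grep 'lucid' | awk '{print $1}' | sort -nr); do history -d "$i"; done
for i in $(history | grep '_script.sh' | awk '{print $1}' | sort -nr); do history -d "$i"; done
# Delete matching lines from the saved history file; -i.bak works with both GNU and BSD (macOS) sed
sed -i.bak -e '/lucid/d' -e '/_script.sh/d' ~/.bash_history
# Remove the backup copy, which still contains the deleted lines
rm -f ~/.bash_history.bak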

Windows (PowerShell)

1. Configure Filespace source and target instances

    Source

Start-Process -WindowStyle hidden -FilePath "C:\Program Files\Lucid\Resources\Lucid.exe" -ArgumentList "--instance 1 daemon --fs <source.domain> --mount-point s: --password <rootpwd>"

    Target

Start-Process -WindowStyle hidden -FilePath "C:\Program Files\Lucid\Resources\Lucid.exe" -ArgumentList "--instance 2 daemon --fs <target.domain> --mount-point t: --password <rootpwd>"

2. Download the scripts.

Invoke-WebRequest https://lucidlink-support.s3.amazonaws.com/scripts/Legacy/legacy_sso_admin_script.ps1 -OutFile legacy_sso_admin_script.ps1
Invoke-WebRequest https://lucidlink-support.s3.amazonaws.com/scripts/Legacy/legacy_sso_share_script.ps1 -OutFile legacy_sso_share_script.ps1

3. Allocate user Admin roles and the listed shares for users and groups.

.\legacy_sso_admin_script.ps1 <fs1rootpwd> <fs2rootpwd>

If you've already copied the data and your directory structure exists, your shares will be created successfully. If not, use Robocopy to copy the directory structure only from the source to the destination so that the shares can be created.

robocopy s: t: /e /xf * /r:0 /w:0

"The path is invalid.
Request failed with: Bad Request" indicates that the directory structure may not exist.

.\legacy_sso_share_script.ps1 <fs1rootpwd> <fs2rootpwd>

4. Clean up temporary files and scripts.

remove-item legacy_sso_admin_script.ps1,legacy_sso_share_script.ps1,legacy_sso_admin_role_log.txt,legacy_sso_admin_role_output.txt,legacy_sso_admin_role_error_output.txt,sso_lucid_shares_log.txt,sso_lucid_shares_output.txt,sso_lucid_shares_error_output.txt

Remove the PowerShell command-line history entries for the commands above, which contain the root passwords

clear-history -CommandLine *lucid*
clear-history -CommandLine *_script.ps1*
$HistorySavePath = (Get-PSReadlineOption).HistorySavePath; (Get-Content "$HistorySavePath") -notmatch "lucid" | Out-File "$HistorySavePath"
$HistorySavePath = (Get-PSReadlineOption).HistorySavePath; (Get-Content "$HistorySavePath") -notmatch "_script.ps1" | Out-File "$HistorySavePath"

Edge cases might be caused by special characters and/or unusual spacing within your share names or paths. These should be rare in your configuration, and the affected shares can simply be recreated manually.
Alternatively, adjust the default regular expressions in the scripts to account for your configuration. Please do not hesitate to reach out to support via a ticket.
