LDAP – Setting Mercurial with Active Directory authentication and authorisation

active-directory authentication ldap mercurial

I am evaluating the possibilities of moving my organisation to Mercurial, however I am stumbling on two basic requirements which I can't find proper pointers to.

How do I set up Mercurial's central repository to authenticate users with the central Active Directory and only allow them to push or pull if they have the right credentials?

How do I set up a Mercurial project repository to only allow users pertaining to a specific group to push/pull source code? We need this to have per-project authorisation.

On which HTTP servers (IIS or Apache etc.) are the above two requirements supported?

Apologies if I am asking something obvious or if I am missing something fundamental about how authentication and authorisation work.

Best Answer

I did a four-part blog post on setting up Mercurial on IIS with Active Directory authentication, using hgwebdir.cgi for push authorization. It goes over the whole process of:

  • Setting up Mercurial's hg web interface on IIS.
  • Setting up the IIS authentication for Mercurial so that only users authorized by Active Directory (i.e. security groups/users) can view/access the repositories either via the hg web interface or through the file system.
  • Configuring Active Directory authentication for Mercurial users, so only authorized users can see/access the repositories they have access to.
  • Configuring hgwebdir.cgi via hgweb.config to set push authorization for specified users to repositories.
  • Hiding hgwebdir.cgi using Helicon's ISAPI Rewrite in your repository's URL.
  • Customizing the style/feel of the hg web user interface to your own taste.

http://www.endswithsaurus.com/2010/05/setting-up-and-configuring-mercurial-in.html

I hope it's useful to people...
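
For reference, a sketch of the per-repository authorization settings the answer's hgweb.config step refers to. This is an added example, not taken from the answer or the linked blog post. The repository names, paths, the `CORP` domain and the user names are constructed placeholders, and it assumes the web server passes the authenticated account to hgweb in `DOMAIN\user` form.

```ini
; ---- hgweb.config (read by hgwebdir.cgi) ----
; Constructed paths: map each URL name to a repository on disk.
[paths]
projectA = C:\repos\projectA
projectB = C:\repos\projectB

[web]
; Refuse pushes over plain HTTP (this is Mercurial's default; shown explicitly).
push_ssl = true
; No allow_push here: an empty allow_push denies every push,
; so a repository without its own setting stays read-only.

; ---- C:\repos\projectA\.hg\hgrc (per-project settings) ----
[web]
; Only these authenticated users may clone/pull projectA.
; If allow_read is left unset, every authenticated user can read.
allow_read = CORP\alice, CORP\bob, CORP\carol
; Only these users may push. "*" would allow any authenticated user.
allow_push = CORP\alice, CORP\bob
; deny_* lists are checked before allow_* lists.
deny_push = CORP\carol

; ---- C:\repos\projectB\.hg\hgrc ----
[web]
allow_read = CORP\dave
allow_push = CORP\dave
```

These lists match user names (or `*`), not Active Directory groups, so group-based access is enforced at the IIS/NTFS layer as the answer's second bullet describes, with `allow_push` narrowing who among those users may push.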