Setting Mercurial with Active Directory authentication and authorisation


Solution 1

I did a four-part blog post on the setup of Mercurial on IIS with Active Directory authentication and using hgwebdir.cgi for push authorization. It goes over the whole process of:

  • Setting up Mercurial's hg web interface on IIS.
  • Setting up the IIS authentication for Mercurial so that only users authorized by the Active Directory (i.e. security groups/users) can view/access the repositories either via the hg web interface or through the file system.
  • Configuring Active Directory authentication for Mercurial users, so only authorized users can see/access the repositories they have access to.
  • Configuring hgwebdir.cgi via hgweb.config to set push authorization for specified users to repositories.
  • Hiding hgwebdir.cgi using Helicon's ISAPI Rewrite in your repository's URL.
  • Customizing the style/feel of the hg web user interface to your own taste.

http://www.endswithsaurus.com/2010/05/setting-up-and-configuring-mercurial-in.html

I hope it's useful to people...

Solution 2

You can do it with Apache. Check how to restrict pushing in Apache at:

http://mercurial.selenic.com/wiki/PublishingRepositories#pushing

See above in the same file on how to configure Mercurial, its permissions and all users allowed by Apache.

After you've set up Mercurial and Apache, you can use mod_authnz_ldap to only allow access to Active Directory users:

http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html

Don't forget to check the paragraph on Active Directory configuration.

That should be enough for you.

Best of luck,
João Miguel Neves
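
The Apache approach from Solution 2, sketched as an added example that is not part of either answer: Basic auth backed by Active Directory through mod_authnz_ldap, one group per project, and a separate group for pushing. Every hostname, path, DN and group name below is a placeholder assumption; the directives are those of the Apache 2.2 documentation linked above.

```apache
# Added example. All names, paths and DNs are placeholders, not values from the page.

# CA that signed the domain controller's certificate, so the ldaps:// bind is verified.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/example-ad-ca.pem

<VirtualHost *:443>
    ServerName hg.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/hg.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/hg.example.com.key

    ScriptAlias /hg /var/hg/hgwebdir.cgi

    # Authentication for every repository: any valid AD account may log in.
    <Location /hg>
        # Basic auth sends the password on every request; refuse plain HTTP.
        SSLRequireSSL
        AuthType Basic
        AuthName "Mercurial (Active Directory login)"
        AuthBasicProvider ldap
        # ldaps:// protects the Apache-to-domain-controller leg as well.
        AuthLDAPURL "ldaps://dc1.example.com:636/OU=Staff,DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"
        AuthLDAPBindDN "CN=svc-hg,OU=Service Accounts,DC=example,DC=com"
        AuthLDAPBindPassword "REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD"
        Require valid-user
    </Location>

    # Per-project authorisation: only members of the project's read group get in,
    # and only members of the push group may use methods other than GET.
    # Assumption: the clients' read operations use GET, as in the wiki recipe.
    <Location /hg/projectA>
        Require ldap-group CN=hg-projectA-read,OU=Groups,DC=example,DC=com
        <LimitExcept GET>
            Require ldap-group CN=hg-projectA-push,OU=Groups,DC=example,DC=com
        </LimitExcept>
    </Location>
</VirtualHost>

# hgweb refuses pushes unless the repository allows them. In the repository's
# own .hg/hgrc (Mercurial config, shown here as a comment):
#   [web]
#   allow_push = *        ; or a list of user names as they appear in REMOTE_USER
#   push_ssl = true       ; Mercurial's default: reject pushes over plain HTTP
```

Keep this file readable only by root and the Apache user, since it holds the bind account's password, and give that account no rights beyond searching the directory.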

Author by

Martin Geisler


Updated on September 17, 2022

Comments

  • Martin Geisler
    Martin Geisler almost 2 years

    I am evaluating the possibilities of moving my organisation to Mercurial, however I am stumbling on two basic requirements which I can't find proper pointers to.

    How do I set up Mercurial's central repository to authenticate users with the central Active Directory and only allow them to push or pull if they have the right credentials?

    How do I set up a Mercurial project repository to only allow users pertaining to a specific group to push/pull source code? We need this to have per-project authorisation.

    On which HTTP servers (IIS or Apache etc.) are the above two requirements supported?

    Apologies if I am asking something obvious or if I am missing something fundamental about how authentication and authorisation works.

  • LeBleu
    LeBleu over 9 years
    Using authnz_ldap transmits passwords unencrypted between the client and Apache. I'm trying to find out how to avoid that, but not having a lot of luck.