Setting Mercurial with Active Directory authentication and authorisation

I did a four part blog post for set up of Mercurial on IIS with Active Directory authentication and using hgwebdir.cgi for push authorization. It goes over the whole process of:

  • Setting up Mercurial's hg web interface on IIS.
  • Setting up the IIS authentication for Mercurial so that only users authorized by the active directory (i.e. security groups/users) can view/access the repositories either via the hg web interface or through the file system.
  • Configuring Active Directory authentication for Mercurial users, so only authorized users can see/access the repositories they have access to.
  • Configuring hgwebdir.cgi via hgweb.config to set push authorization for specified users to repositories.
  • Hiding hgwebdir.cgi using Helicon's ISAPI Rewrite in your repository's URL.
  • Customizing the style/feel of the hg web user interface to your own taste.

http://www.endswithsaurus.com/2010/05/setting-up-and-configuring-mercurial-in.html

I hope it's useful to people...


You can do it with Apache. Check how to restrict pushing in Apache at:

http://mercurial.selenic.com/wiki/PublishingRepositories#pushing

Seem above on the same file on how to configure mercurial, its permissions and all users allowed by Apache.

After you've setup mercurial and Apache, you can use mod_authnz_ldap to only allow access to Active Directory users:

http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html

Don't forget to check the paragraph on Active Directory configuration.

That should be enough for you.

Best of luck,
João Miguel Neves