FreeBSD Apache Active Directory integration for Mercurial

Mercurial (hg) is a cross-platform distributed version control system built to work efficiently with large code repositories. It is a command-line tool aimed at programmers.

We assume the domain controller is installed and configured as below:

FreeBSD 9.2 x64 (10.10.10.210 – VmNet4)
On the FreeBSD machine we use the Active Directory IP address as the DNS resolver:
# cat /etc/resolv.conf
nameserver  10.10.10.200

DC: mercurial.lan       (10.10.10.200 – Vmnet4)
OU: mercurial
Group: mercurial
We have 2 users: jamal and salman. Both are in the mercurial organizational unit and are members of the mercurial group. We did this because apache22 will only give access to members of the mercurial group.

# portsnap fetch extract update           – Update ports
# reboot                                  – Restart system for port updates

# cd /usr/ports/www/apache22              – Go to the Apache22 port path
# make config                             – Select needed modules
[Screenshots of the Apache module selection: apache-modules1, apache-modules2]
# make install          – Install

During installation, select the options for the apr1 port as below:
[Screenshot of the apr1 port options: arp1-photo]

Install Mercurial and needed components:
# cd /usr/ports/devel/mercurial && make install clean
# cd /usr/ports/devel/py-mercurialserver && make install clean

Install mod_wsgi for Apache:
# cd /usr/ports/www/mod_wsgi3 && make install clean

Create a folder for the Mercurial configuration files:
# mkdir /usr/local/www/hg
# cp /usr/local/share/mercurial/www/hgweb.wsgi /usr/local/www/hg/

Edit the hgweb.wsgi configuration file:
# ee /usr/local/www/hg/hgweb.wsgi
config = "/usr/local/www/hg/hgweb.config" – Change path for configuration file

Edit the /usr/local/www/hg/hgweb.config configuration file as below:
[web]
allow_push = *
push_ssl = false
 
[trusted]
users = *
 
[collections]
/usr/local/www/hg/repos = /usr/local/www/hg/repos

# mkdir /usr/local/www/hg/repos           – Create a folder for the repositories.
# chown -R www:www /usr/local/www/hg      – Give the www user access to this folder

Apache configuration.
Add Apache to startup and include the virtual host folder:
# echo 'apache22_enable="YES"' >> /etc/rc.conf
# echo 'Include /usr/local/domen/*' >> /usr/local/etc/apache22/httpd.conf
# mkdir /usr/local/domen/

The virtual host file for mercurial.unixmen.com looks as follows:
# cat /usr/local/domen/mercurial.unixmen.com
<VirtualHost *>
        ServerName mercurial.unixmen.com
        ServerAlias www.mercurial.unixmen.com
        DocumentRoot /usr/local/www/hg
        ErrorLog /var/log/mercuri-error.log
        CustomLog /var/log/mercuri-access.log common
        WSGIScriptAlias / /usr/local/www/hg/hgweb.wsgi
<Directory "/usr/local/www/hg">
        AllowOverride None
        order allow,deny
        Allow from all
</Directory>
<Location />
        AuthType Basic
        AuthBasicProvider ldap
        AuthBasicAuthoritative off
        AuthName "ENTER YOUR AD LOGIN & PASSWD"

        AuthLDAPURL "ldap://mercurial.lan:389/DC=mercurial,DC=lan?sAMAccountName?sub?(objectClass=*)"
        AuthLDAPBindDN  "administrator@mercurial.lan"
        AuthLDAPBindPassword "Zumrud123"
        Require ldap-group cn=mercurial,ou=mercurial,dc=mercurial,dc=lan
</Location>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
</VirtualHost>

Create the log files for the virtual host:
# touch /var/log/mercuri-error.log /var/log/mercuri-access.log
# chown -R www:www /usr/local/domen/      – Give apache22 access to the included folder.

Finally, add the line below to the /usr/local/etc/openldap/ldap.conf file and start the apache22 daemon:
# echo "REFERRALS off" >> /usr/local/etc/openldap/ldap.conf
# /usr/local/etc/rc.d/apache22 start

If you have no DNS servers, you can add the virtual host name to the c:\windows\system32\drivers\etc\hosts file on the Windows desktops and then open mercurial.unixmen.com in any web browser. Then just try to log in with the jamal username.

If you want to debug, just add the LogLevel debug line to the /usr/local/etc/apache22/httpd.conf file and restart the apache22 web server. You will find details in the /var/log/mercuri-error.log log file.
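
A check for the cleartext-credential settings in the two files built above, as an added example that is not part of the original article: Basic auth on a vhost without TLS, an ldap:// bind, the administrator bind account, a readable inline bind password, and push_ssl = false. The finding names, the function names and the sample_dir files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article). Each function prints one
# finding ID per line for the file passed as $1; no output means no finding.

audit_vhost() {
    # Basic auth is only base64-encoded, so without TLS on the vhost the AD
    # password crosses the network readable. (File-level check: assumes one
    # vhost per file, as in the article.)
    if grep -Eiq '^[[:space:]]*AuthType[[:space:]]+Basic' "$1" &&
       ! grep -Eiq '^[[:space:]]*SSLEngine[[:space:]]+on' "$1"; then
        echo BASIC_AUTH_NO_TLS
    fi
    # ldap:// with no trailing SSL/TLS/STARTTLS mode: simple bind in cleartext.
    if grep -Ei '^[[:space:]]*AuthLDAPURL[[:space:]]+"?ldap://' "$1" |
       grep -Eivq '[[:space:]](SSL|TLS|STARTTLS)[[:space:]]*$'; then
        echo LDAP_BIND_CLEARTEXT
    fi
    # The search bind needs read access only; a domain admin is over-privileged.
    if grep -Eiq '^[[:space:]]*AuthLDAPBindDN[[:space:]]+"?(cn=)?administrator' "$1"; then
        echo BIND_AS_ADMINISTRATOR
    fi
    # Inline bind password in a file whose mode grants read to "other".
    if grep -Eiq '^[[:space:]]*AuthLDAPBindPassword[[:space:]]' "$1" &&
       [ -n "$(find "$1" -perm -004)" ]; then
        echo BIND_PASSWORD_WORLD_READABLE
    fi
}

audit_hgweb() {
    # push_ssl defaults to true; turning it off lets pushes run over plain HTTP.
    if grep -Eiq '^[[:space:]]*push_ssl[[:space:]]*=[[:space:]]*(false|no|off|0)[[:space:]]*$' "$1"; then
        echo PUSH_OVER_HTTP
    fi
}

# Constructed sample input mirroring the article's settings (placeholder password).
sample_dir=$(mktemp -d)
cat > "$sample_dir/vhost" <<'EOF'
<Location />
    AuthType Basic
    AuthLDAPURL "ldap://mercurial.lan:389/DC=mercurial,DC=lan?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "administrator@mercurial.lan"
    AuthLDAPBindPassword "PLACEHOLDER"
</Location>
EOF
chmod 644 "$sample_dir/vhost"
printf '[web]\nallow_push = *\npush_ssl = false\n' > "$sample_dir/hgweb.config"
audit_vhost "$sample_dir/vhost"
audit_hgweb "$sample_dir/hgweb.config"
```

On the real host, point the functions at /usr/local/domen/mercurial.unixmen.com and /usr/local/www/hg/hgweb.config.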