FreeBSD Apache Active Directory integration for Mercurial

Mercurial (the same thing as HG) is a cross-platform distributed version control system built for working effectively with big code repositories. It is a console program intended for programmers.

We assume the domain controller is installed and configured as below:

FreeBSD 9.2 x64 ( – VmNet4)
On the FreeBSD machine we use the Active Directory IP address as the DNS resolver.
cat /etc/resolv.conf

DC: mercurial.lan       ( – Vmnet4)
OU: mercurial
Group: mercurial
We have 2 users: jamal and salman (both are in the mercurial organizational unit and are members of the mercurial group). We did this because apache22 gives access only to members of the mercurial group.

# portsnap fetch extract update           – Update ports
# reboot                                  – Restart system for port updates

# cd /usr/ports/www/apache22              – Go to the Apache22 port path
# make config                             – Select needed modules
# make install          – Install

During installation, select the modules for the apr1 port as below:

Install Mercurial and needed components:
# cd /usr/ports/devel/mercurial && make install clean
# cd /usr/ports/devel/py-mercurialserver && make install clean

Install mod_wsgi for Apache:
# cd /usr/ports/www/mod_wsgi3 && make install clean

Create folder for mercurial configuration files:
# mkdir /usr/local/www/hg
# cp /usr/local/share/mercurial/www/hgweb.wsgi /usr/local/www/hg/

Edit the hgweb.wsgi configuration file:
# ee /usr/local/www/hg/hgweb.wsgi
config = "/usr/local/www/hg/hgweb.config" – Change path for configuration file

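Edit the /usr/local/www/hg/hgweb.config configuration file as below:
[web]
# * lets any remote user push; Apache's Require ldap-group is what restricts access
allow_push = *
# allow pushes over plain HTTP
push_ssl = false
users = *
[paths]
/usr/local/www/hg/repos = /usr/local/www/hg/repos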

# mkdir /usr/local/www/hg/repos           – Create folder for repository.
# chown -R www:www /usr/local/www/hg      – Give the www user ownership of this folder

Apache configuration.
Add apache to startup and include the virtual host folder:
# echo 'apache22_enable="YES"' >> /etc/rc.conf
# echo 'Include /usr/local/domen/*' >> /usr/local/etc/apache22/httpd.conf
# mkdir /usr/local/domen/

The content of the virtual host file will be as follows:
# cat /usr/local/domen/
<VirtualHost *>
        DocumentRoot /usr/local/www/hg
        ErrorLog /var/log/mercuri-error.log
        CustomLog /var/log/mercuri-access.log common
        WSGIScriptAlias / /usr/local/www/hg/hgweb.wsgi
<Directory "/usr/local/www/hg">
        AllowOverride None
        Order allow,deny
        Allow from all
</Directory>
<Location />
        AuthType Basic
        AuthBasicProvider ldap
        AuthBasicAuthoritative off
        # Search the whole domain subtree for the login name in sAMAccountName
        AuthLDAPURL "ldap://mercurial.lan:389/DC=mercurial,DC=lan?sAMAccountName?sub?(objectClass=*)"
        # Account Apache binds as to run the search
        AuthLDAPBindDN  "administrator@mercurial.lan"
        AuthLDAPBindPassword "Zumrud123"
        # Only members of the mercurial group are let in
        Require ldap-group cn=mercurial,ou=mercurial,dc=mercurial,dc=lan
</Location>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
</VirtualHost>

Create log files for the virtual host:
# touch /var/log/mercuri-error.log /var/log/mercuri-access.log
# chown -R www:www /usr/local/domen/      – Give apache22 access to the already included folder.

Finally, add the line below to the /usr/local/etc/openldap/ldap.conf file and start the apache22 daemon:
# echo "REFERRALS off" >> /usr/local/etc/openldap/ldap.conf
# /usr/local/etc/rc.d/apache22 start

If you have no DNS servers, you can add the virtual host name to the c:\windows\system32\drivers\etc\hosts file on the Windows desktops and open that name in any web browser. Then just try to log in with the jamal username.

If you want to debug, just add the line LogLevel debug to the /usr/local/etc/apache22/httpd.conf file and restart the apache22 web server. You will find the details in the /var/log/mercuri-error.log log file.
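
When reading the debug log it helps to know which directory search Apache derives from the AuthLDAPURL line above. The following is an added example, not part of the original page and not Apache's own code: it splits that URL into its fields and builds the per-login filter in the (&(filter)(attribute=user)) form described in the mod_authnz_ldap documentation. The function names are hypothetical and the RFC 4515 escaping of the login name is this example's choice.

```python
# Added example (not from the original page): decompose an AuthLDAPURL and
# build the per-login search filter in the documented mod_authnz_ldap form.
from urllib.parse import urlsplit, unquote

# RFC 4515 escapes for characters that would change the filter's meaning.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied value before placing it in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def parse_auth_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter into its fields."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # Everything after the base DN is '?'-separated; missing fields get defaults.
    fields = (parts.query.split("?") + ["", "", ""])[:3]
    attribute, scope, flt = (unquote(f) for f in fields)
    flt = flt or "(objectClass=*)"
    if flt.startswith("(") and flt.endswith(")"):
        flt = flt[1:-1]  # outer parentheses are dropped here, re-added on combine
    return {
        "encrypted": parts.scheme == "ldaps",
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "base_dn": unquote(parts.path.lstrip("/")),
        "attribute": attribute.split(",")[0] or "uid",
        "scope": scope or "sub",
        "filter": flt,
    }


def build_search_filter(cfg, username):
    """Combine the configured filter with the login name: (&(filter)(attr=user))."""
    return "(&(%s)(%s=%s))" % (cfg["filter"], cfg["attribute"], escape_filter_value(username))


PAGE_URL = "ldap://mercurial.lan:389/DC=mercurial,DC=lan?sAMAccountName?sub?(objectClass=*)"

if __name__ == "__main__":
    cfg = parse_auth_ldap_url(PAGE_URL)
    print(cfg)
    print(build_search_filter(cfg, "jamal"))
```

For the URL on this page the "encrypted" field is False: the ldap:// scheme on port 389 means the bind password and each user's password cross the network between Apache and the domain controller without TLS.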