Now that we have our Apache server with Mercurial up and running, it's time to secure it. We are going to do this using LDAP pointing to our Domino server, so make sure you're running LDAP on your Domino server before going any further. Once you know your LDAP server is working fine, go back to your Ubuntu server and edit the Apache default site with the following command (again, you can use pico in place of vi if you wish):
sudo vi /etc/apache2/sites-available/default
Find the group of lines that start with and add these lines into that group
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "Mercurial Server"
require valid-user
AuthLDAPURL "ldap://yourserver.com:389/O=YourOrg?CN?sub?(objectClass=*)" NONE
In the AuthLDAPURL line make sure you change it to use your LDAP server and root org. This particular LDAP setup uses the Common Name for the login user name. If you want to change it to shortname or email address you can adjust the CN part of the LDAP setup. Once you have made the changes go ahead and save the file.
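As an added example (not code from the original post), this Python code splits an AuthLDAPURL value into its fields and builds the search filter that results for a given login name, following the `(&(filter)(attribute=username))` form described in the mod_authnz_ldap documentation. The function names are hypothetical, the value escaping follows RFC 4515 as an assumption, and the `encrypted` flag shows that `ldap://` with `NONE` leaves the directory bind unencrypted.

```python
import shlex
from urllib.parse import unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
# RFC 4515 escapes for characters that are special inside a filter value
# (assumption: Apache's own escaping may differ in form).
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def parse_auth_ldap_url(args):
    """Parse AuthLDAPURL arguments: a (quoted) URL plus an optional mode."""
    tokens = shlex.split(args)
    url = tokens[0]
    mode = tokens[1].upper() if len(tokens) > 1 else ""
    scheme, rest = url.split("://", 1)
    scheme = scheme.lower()
    hostport, _, path = rest.partition("/")
    host, _, port = hostport.partition(":")
    # Path layout: basedn?attribute?scope?filter (trailing fields optional).
    fields = (path.split("?", 3) + [""] * 4)[:4]
    base_dn, attribute, scope, ldap_filter = fields
    return {
        "host": host,
        "port": int(port) if port else DEFAULT_PORTS[scheme],
        "base_dn": unquote(base_dn),
        "attribute": attribute or "uid",             # documented default
        "scope": scope or "sub",                     # documented default
        "filter": ldap_filter or "(objectClass=*)",  # documented default
        "mode": mode,
        # Encrypted only with ldaps:// or an explicit SSL/TLS/STARTTLS mode.
        "encrypted": scheme == "ldaps" or mode in ("SSL", "TLS", "STARTTLS"),
    }

def escape_filter_value(value):
    """Escape a login name so it cannot alter the structure of the filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)

def login_filter(cfg, username):
    """Combine the configured filter with attribute=username."""
    base = cfg["filter"]
    if not base.startswith("("):
        base = "(" + base + ")"
    return "(&%s(%s=%s))" % (base, cfg["attribute"], escape_filter_value(username))

if __name__ == "__main__":
    # The directive value from the post, written with straight quotes.
    cfg = parse_auth_ldap_url('"ldap://yourserver.com:389/O=YourOrg?CN?sub?(objectClass=*)" NONE')
    print(cfg)
    print(login_filter(cfg, "Declan Sciolla-Lynch"))
    print(login_filter(cfg, "*"))  # constructed input: the wildcard is escaped
```
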
We now need to enable the LDAP module in Apache and then restart the Apache server.
sudo a2enmod ldap
sudo a2enmod authnz_ldap
sudo /etc/init.d/apache2 restart
Now if you try to hit your Apache/Mercurial server using your web browser, you should get prompted for a username and password. Try entering something that is not in your Domino Directory and the login should fail. Then try entering something that is in your Domino Directory and you should be able to hit the Mercurial repositories list. If you have used CN for the login name as in the example above, then don't forget you need to use the full common name like ‘Declan Sciolla-Lynch’ as the user name or the login will fail.
If everything is working then congratulations. You now have a Source Control Management server using Mercurial that is set up to use Domino LDAP as your authentication point…
But we are not finished yet. In the next few parts we will install a handy tool called phpHGAdmin, which will make creating new Mercurial repositories on your server easier than having to learn Hg commands and having to edit the hgweb.config file manually all the time.
Hi Declan,
It’s been a few days since I’ve checked your blog and this topic is something I’ve been thinking about for some time. Thanks for the posts and keep ’em coming!