hgweb.cgi Push Authorization with Active Directory Groups
Haszlakiewicz, Eric
EHASZLA at transunion.com
Fri Jan 21 16:18:15 CST 2011
>-----Original Message-----
>From: mercurial-bounces at selenic.com [mailto:mercurial-bounces at selenic.com]
>
>I've seen a few posts on this list (and the internets) about using active
>directory with hgweb.cgi, but I've yet to see an actual solution to
>authorizing push privileges through active directory groups. I realize that
>you can configure per-repo user permissions by setting [web] allow_push =
>user1,user2,etc, but in our organization that is untenable; admins will
>have to add users to Active Directory as well as hgweb.
>
>I'm on IIS7, using hgweb.cgi with python 2.6, with Basic Authentication
>enabled at the server-level.
>
>I've read that setting file-system-level write permissions could work, but
>I can't test it yet... everyone who's currently using the system is a local
>admin! There will be many more users who are not admins soon, so I'm
>investigating push permissions.
>
>Has anyone had success with authorizing based on AD groups?
Doesn't a "hg push" result in a distinct http method being performed, e.g. something like a "PUT" rather than a "GET" or "POST"? If so, perhaps you can do your authorization within the web server config, only allowing certain users to do PUT's.
eric
More information about the Mercurial
mailing list