I have a subversion server running with apache. It authenticates users using LDAP in apache configuration and uses SVN authorizations to limit user access to certain repositories. This works perfectly.

Apache

DAV svn
SVNParentPath /srv/svn
SVNListParentPath Off
SVNPathAuthz Off
AuthType Basic
AuthName "Subversion Repository"
AuthBasicProvider ldap
AuthLDAPBindDN        # private stuff
AuthLDAPBindPassword  # private stuff
AuthLDAPURL           # private stuff
Require valid-user
AuthzSVNAccessFile /etc/apache2/dav_svn.authz

Subversion

[groups]
soft = me, and, all, other, developpers

Adding anonymous access from one machine

Now, I have a service I want to setup (rietveld, for code reviews) that needs to have an anonymous access to the repository. As this is a web service, accesses are always done from the same server. Thus I added apache configuration to allow all accesses from this machine. This did not work until I add an additional line in the authorization file to allow read access to user -.

Apache

<Limit GET PROPFIND OPTIONS REPORT>
  Order allow,deny
  Allow from # private IP address
  Satisfy Any
</Limit>

Subversion

[Software:/]
@soft = rw
- = r                    # <-- This is the added line

For instance, before I add this, all users were authenticated, and thus had a name. Now, some accesses are done without a user name! I found this - user name in the apache log files. But does this line equals to * = r that I absolutely do not want to enable, or does it only allows the anonymous unnamed user (that is allowed access only from the rietveld server)?