Allow anonymous access to parts of a secured Subversion repository

We face currently the problem to allow people access to parts of a subversion repository (1.5.x, soon 1.6.x), that is secure in other parts. Let me give you some details:

• We have a production server where a lot of projects have their own subversion repository.
• For each of the projects, there exists a section in our Apache config that looks like that:

      DAV svn
      SVNPath /export/subversion/PROJ1
      SVNAutoversioning on
      #Authentication
      AuthType Basic
      AuthName "Subversion PROJ1"
      AuthBasicProvider ldap
      AuthLDAPBindDN ""
      AuthLDAPBindPassword 'xxxxx'
      AuthLDAPURL "ldap://?sAMAccountName?sub?(objectClass=*)"
      Require valid-user
      #Authorization
      AuthzSVNAccessFile /etc/subversion/projects/PROJ1/authUsers
    

(does anyone know why the Location-block does not show up? If you know, please edit it correctly)

• We want that
  • All people may read documents stored in a special public directory without giving their user ID and password.
  • Everyone that tries to read something in a different directory will have to login to read that document.

Currently we have to copy the documents we want to share in a special subversion repository that is not secured, so that the people can read there. But we loose the possibilities of subversion, eg. the history of the files.

Is there any way we can reach such a setup: Apache web server, one subversion repository, some parts accessible to everyone without login, most parts secured by base login.

My buddy wrote an entry on this exact thing a while back:

https://digital.ai/catalyst-blog/authz-and-anon-authn-agony

He has a few suggestions in there about how you might handle this, although I'm not guaranteeing you'll agree with the options.