I am following this tutorial to setup gitolite and at some point the following ScriptAliasMatch is used:

ScriptAliasMatch \
"(?x)^/(.*/(HEAD | \
info/refs | \
objects/(info/[^/]+ | \
[0-9a-f]{2}/[0-9a-f]{38} | \
pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
git-(upload|receive)-pack))$" \
/var/www/bin/gitolite-suexec-wrapper.sh/$1

And the target script starts with

USER=$1

So I am guessing this is used to forward the user name from apache to the suexec script (which indeed requires it). But I cannot see how this is done. The ScriptAliasMatch documentation makes me think that the /$1 will be replaced by the first matching group of the regexp before it. For me it captures from (?x)^/(.* to ))$ so there is nothing about a user here.

My underlying problem is that USER is empty in my script so I get no authorizations in gitolite. I give my username to apache via a basic authentication:

<Location />
   # Crowd auth 
   AuthType Basic
   AuthName "Git repositories"
   ...
   Require valid-user
</Location>

defined just under the previous ScriptAliasMatch.

So I am really wondering how this is supposed to work and what part of the mechanism I missed so that I don't retrieve the user in my script.