...
To be compliant with the INFN policies the user has must be registered in INFN-AAI and:
- he/she must have a verified digital identity (LoA2)
- he/she must declare to have read and accepted the INFN rules for the use of IT resources
- he/she must have followed the "Corso di Sicurezza Informatica - BASE"
Actually the third bullet is not a strict requirement: if all the requirements but the last one are met, the request can be accepted, but please notify the user that he/she must follow the course within 30 days.
To check e.g. if the user whose family name is 'Sgaravatto' is compliant with all these rules, you can execute this ldapsearch query:
| Code Block | ||
|---|---|---|
| ||
$ ldapsearch -x -LLL -Z -h ds2.infn.it -b ou=People,dc=infn,dc=it "(&(sn=*sgaravatto*)(eduPersonAssurance=urn:mace:infn.it:loa2)(schacUserStatus=urn:schac:userStatus:it:infn.it:disciplinareict:approvato+on=*)(schacUserStatus=urn:schac:userStatus:it:infn.it:formazione:sicurezzainformatica-base:superato+on*))"
dn: infnUUID=ab9b2407-ac71-4642-8734-573246e1d0e2,ou=People,dc=infn,dc=it |
This will return a result, only if the 3 requirements are met
| Code Block | ||
|---|---|---|
| ||
l: pd
givenName: Massimo
sn: Sgaravatto
cn: Massimo Sgaravatto
telephoneNumber: +390499677360
mail: Massimo.Sgaravatto@pd.infn.it
|
Pre-check [5]
Select the relevant request and click on Action → Pre check.
...