On Fri, 16 Sep 2011, JR Aquino wrote:
> On Sep 16, 2011, at 4:41 AM, "Alexander Bokovoy" <aboko...@redhat.com> wrote:
> > Can't we have a shortcut that allows to specify only name of the 
> > managed entry and we will expand it to full DN? Current approach is 
> > way error-prone for admins to accidently make a typo or two...
> It may look intimidating via email, but the tool provides --list to 
> show the exact line thats needed to copy past, it also does checks 
> to prevent accidental typos.
> The user isn't expected to know the full dn off the top of their 
> head :)
> The other nice thing is that the tool is not limited to only the 
> stock FreeIPA managed entries, so it will also list, enable, and 
> disable any custom user created managed entries, or future FreeIPA 
> entries without modification.
That is all fine but having *always* go through complete DN is simply 
wrong from user experience perspective. If we can have helper shortcut 
for most common cases for stock FreeIPA, we should do that.

For example, if DN provided by user does not include = sign, treat it 
as last component CN. That would already cover majority of cases.

/ Alexander Bokovoy

