add password policy example

fairclothjm · fairclothjm · commit 2a17c1304476 · 2025-10-14T11:26:53.000-05:00
diff --git a/content/vault/v1.18.x/content/docs/secrets/ldap.mdx b/content/vault/v1.18.x/content/docs/secrets/ldap.mdx
@@ -85,7 +85,7 @@ parameter:
 
 - `password` (Default): The engine will generate and manage standard RACF passwords.
 
-- `phrase`: The engine will generate and manage case-sensitive password phrases (14-100 characters).
+- `phrase`: The engine will generate and manage case-sensitive password phrases.
 
 #### Configuring Password Rules
 
@@ -101,7 +101,15 @@ password phrases, and links a password policy to enforce length and
 complexity.
 
 ```shell-session
-vault write ldap/config \
+$ cat > /tmp/password_policy.hcl <<-EOF
+length = 20
+rule "charset" {
+  charset = "abcdefghijklmnopqrstuvwxyz"
+  min-chars = 1
+}
+EOF
+$ vault write sys/policies/password/racf_password_policy policy=@/tmp/password_policy.hcl
+$ vault write ldap/config \
     binddn="$USERNAME" \
     bindpass="$PASSWORD" \
     url="ldaps://138.91.247.105" \
diff --git a/content/vault/v1.19.x/content/docs/secrets/ldap.mdx b/content/vault/v1.19.x/content/docs/secrets/ldap.mdx
@@ -85,7 +85,7 @@ parameter:
 
 - `password` (Default): The engine will generate and manage standard RACF passwords.
 
-- `phrase`: The engine will generate and manage case-sensitive password phrases (14-100 characters).
+- `phrase`: The engine will generate and manage case-sensitive password phrases.
 
 #### Configuring Password Rules
 
@@ -101,7 +101,15 @@ password phrases, and links a password policy to enforce length and
 complexity.
 
 ```shell-session
-vault write ldap/config \
+$ cat > /tmp/password_policy.hcl <<-EOF
+length = 20
+rule "charset" {
+  charset = "abcdefghijklmnopqrstuvwxyz"
+  min-chars = 1
+}
+EOF
+$ vault write sys/policies/password/racf_password_policy policy=@/tmp/password_policy.hcl
+$ vault write ldap/config \
     binddn="$USERNAME" \
     bindpass="$PASSWORD" \
     url="ldaps://138.91.247.105" \
diff --git a/content/vault/v1.20.x/content/docs/secrets/ldap.mdx b/content/vault/v1.20.x/content/docs/secrets/ldap.mdx
@@ -85,7 +85,7 @@ parameter:
 
 - `password` (Default): The engine will generate and manage standard RACF passwords.
 
-- `phrase`: The engine will generate and manage case-sensitive password phrases (14-100 characters).
+- `phrase`: The engine will generate and manage case-sensitive password phrases.
 
 #### Configuring Password Rules
 
@@ -101,7 +101,15 @@ password phrases, and links a password policy to enforce length and
 complexity.
 
 ```shell-session
-vault write ldap/config \
+$ cat > /tmp/password_policy.hcl <<-EOF
+length = 20
+rule "charset" {
+  charset = "abcdefghijklmnopqrstuvwxyz"
+  min-chars = 1
+}
+EOF
+$ vault write sys/policies/password/racf_password_policy policy=@/tmp/password_policy.hcl
+$ vault write ldap/config \
     binddn="$USERNAME" \
     bindpass="$PASSWORD" \
     url="ldaps://138.91.247.105" \
diff --git a/content/vault/v1.21.x (rc)/content/docs/secrets/ldap.mdx b/content/vault/v1.21.x (rc)/content/docs/secrets/ldap.mdx
@@ -85,7 +85,7 @@ parameter:
 
 - `password` (Default): The engine will generate and manage standard RACF passwords.
 
-- `phrase`: The engine will generate and manage case-sensitive password phrases (14-100 characters).
+- `phrase`: The engine will generate and manage case-sensitive password phrases.
 
 #### Configuring Password Rules
 
@@ -101,7 +101,15 @@ password phrases, and links a password policy to enforce length and
 complexity.
 
 ```shell-session
-vault write ldap/config \
+$ cat > /tmp/password_policy.hcl <<-EOF
+length = 20
+rule "charset" {
+  charset = "abcdefghijklmnopqrstuvwxyz"
+  min-chars = 1
+}
+EOF
+$ vault write sys/policies/password/racf_password_policy policy=@/tmp/password_policy.hcl
+$ vault write ldap/config \
     binddn="$USERNAME" \
     bindpass="$PASSWORD" \
     url="ldaps://138.91.247.105" \
