ldap: add mfa to LDAP login

2015-07-27 11:24:12 -07:00 · 2015-07-27 11:24:12 -07:00 · 8fa5a349a5
parent 5cf78d8ba2
commit 8fa5a349a5
1 changed files with 7 additions and 3 deletions
--- a/builtin/credential/ldap/backend.go
+++ b/builtin/credential/ldap/backend.go
@ -4,6 +4,7 @@ import (
 	"fmt"

 	"github.com/go-ldap/ldap"
+	"github.com/hashicorp/vault/helper/mfa"
 	"github.com/hashicorp/vault/logical"
 	"github.com/hashicorp/vault/logical/framework"
 )
@ -18,11 +19,13 @@ func Backend() *framework.Backend {
 		Help: backendHelp,

 		PathsSpecial: &logical.Paths{
-			Root: []string{
+			Root: append([]string{
 				"config",
 				"groups/*",
 				"users/*",
 			},
+				mfa.MFAPathsSpecial()...,
+			),

 			Unauthenticated: []string{
 				"login/*",
@ -30,11 +33,12 @@ func Backend() *framework.Backend {
 		},

 		Paths: append([]*framework.Path{
-			pathLogin(&b),
 			pathConfig(&b),
 			pathGroups(&b),
 			pathUsers(&b),
-		}),
+		},
+			mfa.MFAPaths(b.Backend, pathLogin(&b))...,
+		),

 		AuthRenew: b.pathLoginRenew,
 	}