From 8fa5a349a517a51f157d4b2a782c837e99cf6544 Mon Sep 17 00:00:00 2001
From: Bradley Girardeau <bgirarde@yelp.com>
Date: Mon, 27 Jul 2015 11:24:12 -0700
Subject: [PATCH] ldap: add mfa to LDAP login

---
 builtin/credential/ldap/backend.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/builtin/credential/ldap/backend.go b/builtin/credential/ldap/backend.go
index 855881867..c65f80f75 100644
--- a/builtin/credential/ldap/backend.go
+++ b/builtin/credential/ldap/backend.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 
 	"github.com/go-ldap/ldap"
+	"github.com/hashicorp/vault/helper/mfa"
 	"github.com/hashicorp/vault/logical"
 	"github.com/hashicorp/vault/logical/framework"
 )
@@ -18,11 +19,13 @@ func Backend() *framework.Backend {
 		Help: backendHelp,
 
 		PathsSpecial: &logical.Paths{
-			Root: []string{
+			Root: append([]string{
 				"config",
 				"groups/*",
 				"users/*",
 			},
+				mfa.MFAPathsSpecial()...,
+			),
 
 			Unauthenticated: []string{
 				"login/*",
@@ -30,11 +33,12 @@ func Backend() *framework.Backend {
 		},
 
 		Paths: append([]*framework.Path{
-			pathLogin(&b),
 			pathConfig(&b),
 			pathGroups(&b),
 			pathUsers(&b),
-		}),
+		},
+			mfa.MFAPaths(b.Backend, pathLogin(&b))...,
+		),
 
 		AuthRenew: b.pathLoginRenew,
 	}