providers/ldap: add code-MFA support for ldap provider (#4354)

* add code support for ldap provider

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* only try to extract code when auth validator stage is encountered

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* use parseint instead

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

website/docs/providers/ldap/index.md

@@ -72,11 +72,15 @@ The following stages are supported:
 -   [Password](../../flow/stages/password/index.md)
 -   [Authenticator validation](../../flow/stages/authenticator_validate/index.md)
 
-    Note: Authenticator validation currently only supports DUO devices
+    Note: Authenticator validation currently only supports DUO, TOTP and static authenticators.
+
+    For code-based authenticators, the code must be given as part of the bind password, separated by a semicolon. For example for the password `example-password` and the code `123456`, the input must be `example-password;123456`.
+
+    SMS-based authenticators are not supported as they require a code to be sent from authentik, which is not possible during the bind.
 
 #### Direct bind
 
-In this mode, the outpost will always execute the configured flow when a new bind request arrives.
+In this mode, the outpost will always execute the configured flow when a new bind request is received.
 
 #### Cached bind