Custom Scenario help

Hi, this is my actual scenario:
1 vm UCS server ad AD/LDAP server
1 vm PrivacyIDEA conntacted to UCS as Realm and hosts resolver
1 external application that use UCS LDAP for users authentication.

Can I ask a privacyIDEA 2FA every time that user asks to authenticate in external application?
external application have only AD or LDAP connector.

if it is possible, how?

Thank you

may be ldap proxy - GitHub - privacyidea/privacyidea-ldap-proxy: LDAP Proxy to intercept LDAP binds and authenticate against privacyIDEA is that what you need? with it PI act as ldap server.
But I think it needs paid subsription if you have more than 50 users.