Before Striker can modify data for existing LDAP accounts (password, ssh keys, etc) it must check for 2FA on the account and enforce token checks for 2FA enabled accounts. At the very least it must tell users with 2FA enabled that they cannot use Striker.
See also: