Yep, that did the trick!
In combination with
auth immediately - Automatically redirect to the external login system without user interaction. This only takes effect when login_required is true, and there is only one external authentication method
this is what I was looking for.
Additional question: can I theme the LDAP login page, it’s not quite on par with the rest of the design…