But a normal user isn't going to setup AD either. This will be done by sysadmins anyway, so stuff like being able to put the configuration into version control is actually useful for them. The "normal business" has lots of employee databases anyways and integration is actually a feature instead of needing to sync it with bespoke Microsoft internals.
So you can hook up all those internal employee databases to your new created libpam-mysql and hook it up all to slack or just use what Microsoft sells you.
I do not need to create it, it already exists. Yes, you can write your own pam module, but in general you do not need to.
> just use what Microsoft sells you.
Which means now your employees need to manually sync the MS and your internal databases. Depends on how much your employees time is worth for you. I mean a lot of companies do exactly that, but it is certainly not the cheaper option.
Also using what MS sells is also illegal. Not that anyone cares, as whole Europe ignores that, but when you meet a civil servant on the wrong foot, your company is toast.
