
Active Directory Authentication in User Manager operational questions

Thanks for sharing your thoughts Andrew (and you too Nick). I really think that leveraging an existing information directory will go leaps and bounds for FreePBX in adoption (or lessen the opposition to consider it).

I think the idea you had about the sync process auto creating extensions (and all that goes along with it) based upon a user attribute is great, but might not be used as much as it could be. I create user accounts all the time but rarely add a new endpoint/extension when a new employee comes on-board. Most of the time the new user account is replacing someone that left and will occupy an already existing extension.

With regard to the capability of syncing with AD, I think the best implementations in software suites share some common features. I would consider them to be:

Sync configuration account validation - This already exists and is great.

Filterable results - I would love to be able to filter by AD group membership (on a primary group only - getting into nested group memberships is too complex). Usually AD is full of accounts (service accounts and otherwise) that may not need to be included for a phone extension. Using only an attribute as a qualifier is tricky to track down as it is a value inside applicable individual accounts. It is easy and accepted practice to list or view group membership. I realize the attribute is needed for the extension mapping, but the additional conditional filtering would be more straightforward in my opinion even if it is a dedicated attribute for extension use only.

Debugging - When things go wrong with disparate systems talking, being able to see both sides makes it easier to troubleshoot.

Sync process isolated from the account/extension association - It is most effective to have the association of the extension to AD account stored off separately rather than it dynamically being matched to an attribute when the Sync process runs. I don't know how this works now in FreePBX. When I switch authentication sources back and forth to FreePBX internal directory or AD it seems to still have the corresponding information saved (switching from AD to FreePBX internal directory lists the user manager associations created when using the quick create extension option). To say this another way, I don't know if the AD account to extension association is saved somewhere in the FreePBX database or if it is matching the attribute to the extension every time it syncs. My main concern with this comes out of stability and predictability. In some software solutions there is way too much power given to a connector that dynamically updates things.

As for the commercial aspect of this, I would say commercialize this whole feature. I and I suspect many organizations would gladly pay $75 for the ability to cut down on one more password users have to be aware of, remember, change, and otherwise manage.

Thanks,

Brian

