External/Realtime extensions and SIP authentication

I have seen a few posts, but no replies on this topic and a few related ones.
Is there a way to integrate Asterisk and Active Directory? How about openDirectory? LDAP in general?
Ideally, I would assign each user an extension in AD and AD would authenticate their SIP phone.
The authentication could be done through radius, LDAP, AD, PAM, whatever.
The configuration would, ideally, offer a minimal schema alteration, allowing me to use templates in the flat files.
I have seen the dead Asterisk AD pages at asteriskad.sourceforge.net/nucleus/

The realtime LDAP module doesn’t (as far as I can tell) provide authentication, so it seems unsuitable.
The portaONE radius module does not (as far as I can tell) allow the extensions to be provisioned dynamically.
There existed a branch to include outside authentication for extensions, but now it appears dead.

If anyone can post their hints, rumors, solutions here, perhaps we could collect enough information for a solution. I’m sure I’m not the only one who would like to deploy asterisk into an existing enterprise without having to make a whole new user database and password list.

if you have done something like this successfully, please feel free to contact me as I have some consulting fees for you.