I propose that the sync/import utilities be updated to account for username changes. At my work we can't use the option to create accounts upon login since that can create duplicate accounts if the user changed their username. Username changes happen often at my work as we have ~12000 users of Service Desk.
My thought was that there could be a control field for the pdm_ldap utilities to check for duplicates before creating/updating users. The default could remain at username, but if there was an option to change it to another field, that would be ideal. Currently we map employeeID in AD to contact_id in SDM, so in our case contact_id is the source of truth for user accounts.
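The sketch below is an added illustration of the duplicate-account problem and the configurable match field proposed above; it is not part of the original post and does not show how the pdm_ldap utilities are implemented. The `sync` function, its `match_field` parameter and all sample records are hypothetical and constructed for this example.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Contact:
    contact_id: str  # stable identifier (employeeID in AD, per the post)
    userid: str      # login name; can change over time

# Constructed sample data, not taken from any real system.
EXISTING = [("E1001", "jsmith"), ("E1002", "alee")]
DIRECTORY = [
    {"contact_id": "E1001", "userid": "jdoe"},   # jsmith was renamed
    {"contact_id": "E1002", "userid": "alee"},   # unchanged
    {"contact_id": "E1003", "userid": "bkhan"},  # new hire
    {"contact_id": "", "userid": "svc-temp"},    # record with no employeeID
]

def sync(contacts, directory, match_field):
    """Reconcile directory records into contacts, keyed on match_field."""
    index = {getattr(c, match_field): c for c in contacts}
    actions = []
    for rec in directory:
        key = rec.get(match_field)
        if not key:  # never match or create on an empty key
            actions.append(("skip", rec["userid"]))
            continue
        hit = index.get(key)
        if hit is None:
            hit = Contact(rec["contact_id"], rec["userid"])
            contacts.append(hit)
            index[key] = hit
            actions.append(("create", rec["userid"]))
        elif (hit.contact_id, hit.userid) != (rec["contact_id"], rec["userid"]):
            hit.contact_id, hit.userid = rec["contact_id"], rec["userid"]
            actions.append(("update", rec["userid"]))
        else:
            actions.append(("unchanged", rec["userid"]))
    return actions

def duplicate_ids(contacts):
    """Return contact_id values held by more than one contact."""
    counts = Counter(c.contact_id for c in contacts if c.contact_id)
    return sorted(cid for cid, n in counts.items() if n > 1)

def run(match_field):
    """Sync a fresh copy of EXISTING and report the outcome."""
    contacts = [Contact(cid, uid) for cid, uid in EXISTING]
    actions = sync(contacts, DIRECTORY, match_field)
    return actions, duplicate_ids(contacts), len(contacts)

if __name__ == "__main__":
    for field in ("userid", "contact_id"):
        print(field, run(field))
```

Matching on `userid` turns the rename into a second contact for the same `contact_id`, while matching on `contact_id` updates the existing contact in place.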