Radius to AD. Radius is the standard for network authentication. So on a domain server install the NPS - being for Ethernet  port authentication including dynamic  VLAN association, being for WI-FI  SSID authentication - role and that is a radius server. then you configure a policy based on what you want for auth e.g. AD users.

 I recommend computer auth using certificates. then users can logon using wifi. If you do user auth they need to log on first and GPOs etc are fiddly. The very same applies to the Azure directory.

Nobody does deploy the crappy text-based  non-802.1x (!) LDAP methods Cisco promoted for several years in the early 21st century anymore. All these methods requirer non-standards compliant authentication plugins on the client as well as on the infrastructure. This became to sone extent popular in the Cisco  Wi-Fi controller world - where we started the replacement by true 802.1x deployments some two decades ago already with the world largest Microsoft Key Accounts on some 100k to 350k user base. Never heard about thise crazy ideas since then - and not a single complaint, too.