There's no way to link groups and roles automaticaly imported from Tivoli Ldap.
Tivoli's configuration is:
role class: groupOfUniqueNames cn=ROLES
groups of the role:
grup class: groupOfUniqueNames cn=PROFILES
users of the group:
Users to groups can be linked perfectly, but there is no options to link and get user's roles through user->group->role
In attachment, the Tivoli configuration. Keycloak don't have a option to set a mapper in a way to get users roles through user
> group , group> roles relationship.