We're trying to map our LDAP to OAuth2, but lack the capability to connect roles to groups. I.e., you can add a role to a group in Keycloak, but it won't be added to the groups/roles in LDAP (to have that resolved recursively). It would need settings in the role-ldap-mapper to define the LDAP groups DN and membership attribute (+ type + memberof attribute).
Furthermore, it'd be great to be able to define attributes mapped to LDAP, as in the group-ldap-mapper.