Hi - I’m doing some testing with Keycloak 12.0.1 and LDAP. I’ve used the User Federation machinery to add an entry for my local OpenLDAP system, and then added a ‘group-ldap-mapper’ mapper to that user federation entry. It works well, in that I can click on the ‘Synchronize all users’ button, and see that the users are imported into the Keycloak UI’s “Users” page and the groups are imported into the Keycloak UI’s “Groups” page, and I can see that users are mapped to groups and groups are mapped to servers.
But, when I use the Keycloak REST API GET ‘users’ call, the ‘users’ return payload does not include the ‘groups’ parameter. Also, if I use (in Postman) the LDAP user to authenticate the ‘openid-connect/token’ REST API command, the group information is not included in the access token.