Service Account Federation

To my understanding, Keycloak supports LDAP integration for Users and Groups, and for the link between them. When Keycloak receives a un/pw combination it doesn't recognize, it will try to look it up in LDAP (if it's enabled).

Is it feasible to support the same thing for a Client Credentials (Service Account) flow?
I would like to allow Service Account Roles to come from LDAP. Preseeding the Service Account itself might be doable, but we have a legacy LDAP system that controls a broad spectrum of the Enterprise AuthN and AuthZ flow.

Linking Keycloak to this legacy system will save us loads of integration coding, but I don't know if it's feasible to link these worlds together.

Does anyone have some ideas regarding this?