Sync from one read-only AD LDAP to writeable LDAP user federation provider?

I’m trying to use Keycloak to map between groups provided by an AD to roles. The issue is that the applications (Atlassian) require an LDAP backend. I would like to use Keycloak to provide a single interface to an external AD which maps groups to standardized groups/roles in an internal OpenLDAP/ApacheDS server in a k8s cluster. Is this possible or am I dreaming?

I’m facing this issue as well. I think one way to do this would be to sync the groups and roles from the AD to OpenLDAP, and then sync from OpenLDAP to Keycloak, so the Atlassian Suite will get the roles from OpenLDAP, and other OAuth-enabled apps can use Keycloak.

Did you find any other solutions?

By the way, did you manage to sync the groups over from AD correctly? I’m facing this issue: How should I sync groups from AD (LDAP) to Keycloak?