Sync from one read-only AD LDAP to writeable LDAP user federation provider?

I’m facing this issue as well. I think one way to do this would be to sync the groups and roles from the AD to OpenLDAP, and then sync from OpenLDAP to Keycloak - so the Atlassian Suite will get the roles from OpenLDAP, and other OAuth-enabled apps can use Keycloak.

Did you find any other solutions?

By the way, did you manage to sync the groups over from AD correctly? I’m facing this issue: "How should I sync groups from AD (LDAP) to Keycloak?"