I am working on providing a read only ldap interface to the keycloak database via a custom partition for apache directory server .  In order to properly populate part of the tree, I will need to be able to pull a list of role members from the database.  

At present I'm using the keycloak/hibernate libraries to access our mysql database directly.  This seems to work well for most things.  Though, I can't seem to find a way to get from a role id to a list of the roles members.  Based on poking around in the code, it seems like there's an easy way to get the roles that a given user is a member of, but not the reverse.  Is there a path that I'm missing?  If not, I'd be happy to take a stab at implementing it myself.  I'm relatively new to hibernate though so it would likely take me a while to get it right.

I'd also be open to accessing the keycloak database using a different interface.  This just seemed like the best choice for my use case.

--
Andrew Zenk, EIT
Polar Geospatial Center
University of Minnesota
Office: (612) 625-0872
Cell: (612) 414-9617