"For example for federation, you need realm and user DB and you need to have realm configured with federation Provider"
In such cases you can use mocks, stubs and object factories.
"There is not much you can test within single module"
IMHO there are still few things which would be nice to test. Look at the first class in the module LDAP Config for example. There are few comments suggesting refactoring it in the feature. I find refactoring single class or classes with heavy integration test painful and insufficient. Look at spring framework code. There are plenty of small unit tests which test only one thing so that it is really well tested as a whole! I think good testing is especially important in case of open source - where everybody adds some code. For instance me :) For me LDAP it is a new topic, but I would like to add some code to this part ... so I expect to make o a lot of mistakes :D
"Btv. what's your plan for KEYCLOAK-1797"
And now the hardest part :) As I said, I'm new in this topic (LDAP) so I decided to wrap my head around it for a while - can you reccommend me any reading materials suitable for beginners?
"And in your LDAP environment, is it often that new role is added as member to some other roles?"
No .. but it is critical in my company.
"I wonder if we need to always do "deep" search in runtime, or if we can instead do it just at some point and rely on Keycloak composite roles . If you always need deep search and do something based on it, it will be good to have a flag in configuration, which will allow to disable it (for performance reasons)."
Thank you for the hint :) I couldn't agree more.