If we attach some keycloak roles to a group, can this association be synced back to LDAP? How should I config my User Federation Mapper for Group mapper? 

From what I understand we can set the Membership LDAP Attribute, but I think this is to associate between groups and users, not groups and roles. Is it possible to do this, or is the group-roles association can only be configured from keycloak?

Thanks