[keycloak-user] retrieving group membership info from LDAP/AD

Hi All, In our application, we integrate with Microsoft AD for authenticating users. As part of the authentication result, we also fetch group information for the user authenticated. We also have a pre-defined group-role mapping defined in the application server [This is a JEE configuration file]. This helps decide whether a particular user based on the role he belongs to can access a resource or not. I read another thread "Apply group membership filter on ldap login <http://lists.jboss.org/pipermail/keycloak-user/2015-December/003982.html> " on similar lines. Couple of clarifications. 1. Based on what I read there is no feature to get roles and map them to specific roles in keycloak and would be available in a future release. I just wanted to understand if my reading of this is on the right lines. Also, wanted to know if there's a workaround for this in the short term. 2. Also does keycloak provide fine grained access control on the lines of apache shiro? Thanks Prasad