We are using plone.plugins.pas for retrieving users and groups from LDAP. So far, so good.
Is it possible to assign roles to LDAP groups directly as part of the site setup - either using Generic Setup or a resource registry configuration? Workaround would be to make the assignment via sharing on the root node.
A GroupAwareRoleManager should work?
Never heard 
but it seems to be a solution
When you create a Plone group in standard Plone and assign a group to roles then you can export the settings as portal_role_manager.xml.
Importing a related portal_role_manager.xml with LDAP groups has zero effect.
In the end I wrote a small script assigning groups to roles manually using portal_groups.editGroup() as used by the Plone groups controlpanel.