Does Apache Kafka natively support authentication with a Kerberos Server/LDAP using Roles/Groups instead of having to manually add users to the ACL and provision principals for each user. If so, how would one be able to authenticate with groups/roles in Apache Kafka?
Kafka has supported Kerberos via SASL/GSSAPI since version 0.9.
See SASL Security configuration for JAAS details.
When working with Kafka CLI commands, you may need env-var like so
# get a kerberos session
kinit ...
# setup JVM flags
export KAFKA_OPTS="-Djava.security.auth.login.config=/path/to/example/jaas.conf -Djava.security.krb5.conf=/etc/krb5.conf"
# run some kafka utility
kafka-console-...