We got around this problem by creating a plugin (though it could have been done by external service) which manually dumps groups out of LDAP and adds them to gerrit as real gerrit groups named <organisation>.<group>.<group-name>.
It updates the gerrit groups with the real contents of ldap, keeping them in synch with changes every 5 mins or so. This also solved a confusing legacy issue we have with out unix groups that we have many called similar things with the same unix group id to get around historical limitations of NIS. i.e. we also coalesce these by group id.
The group's description in gerrit holds the original server and GID, so if groups ever rename we should rename in gerrit too.
The only operation we do not support is delete, (we just empty the group in gerrit) because AFAIK gerrit doesn't seem to support deletion of groups.
Once we've fixed anything that breaks as a result of group transition to note-db in 2.16, we might well opensource it if there's interest.