The captive portal of Zeroshell is able to authenticate the user against the following authentication source:
1) the local Kerberos 5 KDC
2) an external Kerberos 5 KDC such as an Active Directory domain controller
3) a trusted K5 Realm
4) a RADIUS server
If your users are stored in an LDAP server you could configure a FreeRadius server to use the LDAP backend. At that point you just need to configure the captive portal of Zeroshell to authenticate against the FreeRadius.