As a Zentyal component, LDAP is primarily used to manage Zentyal users, meaning users accessing Zentyal services (like HTTP proxy, mail...).
A second point worth adding here: I suppose that, because of the large Microsoft deployment all over the world, Zentyal targets such clients a bit more (when the client OS matters, i.e. Samba to replace a Windows domain, Zarafa to emulate Exchange).
Efforts toward a "full Linux" world are maybe seen with lower priority (well, this is my own personal opinion).
So what? Does it mean you have to give up?
No.
If I understand correctly what you are trying to achieve, this can be done with NSS_LDAP and PAM_LDAP enabled client side.
PAM_LDAP, I believe you did it already, because you already authenticate against the Zentyal LDAP server.
NSS_LDAP is the right way to go instead of NIS.
You have to configure, client side, NSS so that users and groups are read from LDAP.
What the Zentyal web interface will not provide (but you already found how to modify LDAP content manually) is the capability to customize LDAP entries.
Another aspect that may not be obvious is the RFC2307 (non-bis) implementation. An easy NSS_LDAP implementation assumes that groups contain members (made of DNs), while the current Zentyal implementation is based on memberuid.
This is to say (trying to make this post not too long and boring) that PAM and NSS LDAP is the right way to go; this is feasible, but not out-of-the-box if you target a state-of-the-art (RFC2307bis) design.
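
Added example, not part of the original post: a small resolver showing how the two group layouts mentioned above (login names in `memberUid` versus DNs in `member`) map to the same getent-style group line, and how dangling members surface. All entries, DNs, numbers and function names are constructed for illustration and do not come from a Zentyal server.

```python
# Constructed sample entries; DNs, names and numbers are illustrative only.
BASE = "ou=Users,dc=example,dc=com"
USERS = {  # normalized user DN -> login name
    f"uid=alice,{BASE}".lower(): "alice",
    f"uid=bob,{BASE}".lower(): "bob",
}
GROUPS = [
    # memberUid layout: values are bare login names.
    {"cn": "staff", "gidNumber": 3001, "memberUid": ["alice", "bob"]},
    # member layout: values are full DNs (one of them dangling).
    {"cn": "admins", "gidNumber": 3002,
     "member": [f"uid=Alice, {BASE}", f"uid=ghost,{BASE}"]},
]


def normalize_dn(dn):
    """Simplified DN comparison key: lower-case, no spaces around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def resolve_members(group, users=USERS):
    """Return (sorted login names, unresolved values) for either layout."""
    names, unresolved = set(), []
    for login in group.get("memberUid", []):
        # memberUid is only a string, so confirm a user entry backs it.
        if login in users.values():
            names.add(login)
        else:
            unresolved.append(login)
    for dn in group.get("member", []):
        login = users.get(normalize_dn(dn))
        if login:
            names.add(login)
        else:
            unresolved.append(dn)
    return sorted(names), unresolved


def getent_line(group):
    """Format a group the way `getent group` prints it."""
    names, _ = resolve_members(group)
    return f"{group['cn']}:*:{group['gidNumber']}:{','.join(names)}"


def groups_for(login, groups=GROUPS):
    """Group names a login belongs to, across both layouts."""
    return sorted(g["cn"] for g in groups if login in resolve_members(g)[0])
```

Unresolved values are worth reviewing on a real directory, since a member that points at no user entry usually means a deleted account was left in a group.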