Mate, I don't have a clue how you've set up your corporate LDAP.
Have you discovered /zport/acl_users/<insert ldap name>/acl_users/manage_main ??
If you've got a sensible ou hierarchy, you can just do the correct tree search when defining user base dn. Otherwise, you should append appropriate attributes and/or be doing groupOfUniqueName searches for appropriately defined roles already existing in your ldap tree. This subsearch would be written into the 'additional user search filter'.
You really need to go and consult with whoever runs and manages your directory services for these answers.
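Added example, not part of the original post and not Zenoss or LDAPUserFolder code: a sketch of the two options described above, scoping by user base DN and building an 'additional user search filter' that restricts logins to role-group members. The DNs, the `memberOf` attribute (which only works if your directory maintains it on user entries), the function names, and the assumption that the extra filter is ANDed with the login lookup are all constructed for illustration.

```python
# Constructed names and DNs throughout; adapt to what your directory team confirms.

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        # These characters change filter structure if left raw.
        out.append('\\%02x' % ord(ch) if ch in '\\*()\x00' else ch)
    return ''.join(out)

def role_filter(attr, group_dns):
    """Build the additional filter: entry must reference one of the role groups."""
    if not group_dns:
        # An empty restriction would silently admit every entry under the base DN.
        raise ValueError('at least one role group DN is required')
    terms = ''.join('(%s=%s)' % (attr, escape_filter_value(dn)) for dn in group_dns)
    return terms if len(group_dns) == 1 else '(|%s)' % terms

def login_filter(login_attr, login, extra_filter):
    """Assumed combination: login lookup ANDed with the additional filter."""
    return '(&(%s=%s)%s)' % (login_attr, escape_filter_value(login), extra_filter)

def under_base(entry_dn, base_dn):
    """True if entry_dn sits below base_dn (naive split; no escaped commas)."""
    entry = [p.strip().lower() for p in entry_dn.split(',')]
    base = [p.strip().lower() for p in base_dn.split(',')]
    return len(entry) > len(base) and entry[-len(base):] == base

if __name__ == '__main__':
    base = 'ou=people,dc=example,dc=com'          # constructed user base DN
    extra = role_filter('memberOf', ['cn=zenoss-users,ou=groups,dc=example,dc=com'])
    print('additional user search filter:', extra)
    print('effective lookup:', login_filter('uid', 'jdoe', extra))
    # A login containing filter metacharacters stays a literal value.
    print('hostile login:   ', login_filter('uid', '*)(uid=*', extra))
    for dn in ('uid=jdoe,ou=people,dc=example,dc=com',
               'uid=backup,ou=services,dc=example,dc=com'):
        print(dn, '-> in scope' if under_base(dn, base) else '-> out of scope')
```
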