Before claiming Zimbra has changed a default schema (I don't have access to check) I'd diff the schema files from OpenLDAP and Zimbra. While I'm not going to do it here I'm pretty sure any changes will be confined to additional schemas supplied by Zimbra.
I'd also point out that it appears on a default ZCS installation LDAP only replies to the machine it's on, not external requests. So if deployed to a DMZ I'd still expect the firewall(s) to block any LDAP or LDAPS request from outside of a company. |