Very simple, install mod_auth_ldap, and then install a .htaccess file that looks like this:
AuthType Basic AuthName DDInternal AuthLDAPURL ldap://yourzimbraserver/dc=zimbra,dc=yourdomain,dc=com,dc=au require valid-user
The first part "yourzimbraserver" is the address of your Zimbra server running LDAP.
The second part "dc=zimbra,dc=yourdomain,dc=com,dc=au" is the domain you would like to authenticate against.
If you want that your customers authenticate with their email address, you just have to use the mail attribute.
<Location "/service"> AuthLDAPEnabled on AuthType Basic AuthName "Service" AuthLDAPURL ldap://127.0.0.1/?mail require valid-user </Location>
If you have Apache 2.2 or later, AuthLDAPEnabled doesn't work - use "AuthBasicProvider ldap" instead. Example:
<Location "/service"> AuthBasicProvider ldap AuthType Basic AuthName "Service" AuthLDAPURL ldap://127.0.0.1/?mail require valid-user </Location>
You can limit the access to certain users by adding
require user email@example.com
You may consider installing mod_ldap to cache your LDAP connections.
You can then use [Preauth] to do single sign on (sort of).