We didn't really target the Gluu Server for this use case. Gluu is primarily about centralized authentication/authorization for HTTP.
I think you're on the right track with regard to using a PAM module for OpenLDAP. Did you look at PADL: http://www.padl.com/OSS/pam_ldap.html
Also, if you have budget for commercial support, you should talk to Symas about this use case. I think they could help you.