Here what you need to do to prevent new LDAP users from being able to create new forms and themes by default. This is a very quick reply; if you need more details, please say so and I will try to follow up.
Edit the index.php file, search around line 300-400 for this code:
$priv_administer = 0;
$priv_new_forms = 1;
$priv_new_themes = 1;
Change them to become:
$priv_administer = 0;
$priv_new_forms = 0;
$priv_new_themes = 0;