LDAP Service breaks Users and Shares interface

Good, that makes sense, then!

As you said, it is dependent on the distribution–to the best of my knowledge. For instance, in our CentOS days, the default when creating a new user account was to have a new uid and gid created, and thus identical. In openSUSE, the default is to create a new uid and set the default gid to the users group (gid: 100). That being said, it feels like there may be some standardization towards the former as I’ve seen, for instance, talks from the openSUSE folks to move away from the default gid:100 to a dedicated uid/gid for each new user (might be related to the security aspect you mentioned, for instance). Not sure if/when that would happen, though. All of this to say that it really depends.

You should be able to set the LDAP user as owner of a Share and then limit permissions for that Share as you wish at the owner level (Shares — Rockstor documentation). If you remove any permission to the Group or Other, then the Share should remain accessible to the owner only.

Note that there also are more options available to you with access control lists (Access control lists in Linux | Security and Hardening Guide | openSUSE Leap 15.6). While we do not offer a GUI for these yet, this is something that has been brought up already (ACLs on shares request · Issue #981 · rockstor/rockstor-core · GitHub) and I recently had to get myself a bit more acquainted with those (Access control with Active Directory and group based permissions - #9 by Flox) so personally, my interest in seeing these integrated has grown quite a bit.

By the way, what would be the workflow about which you are thinking with regards to home directories of your LDAP users? You would like to have their home dir created on their workstation(s) when they log into them, but have the data stored in Rockstor? Something else?

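The owner-only permission scheme and the ACL alternative described in the reply above, as an added shell example that is not from the forum post and is not Rockstor's own code. It assumes a Linux host with GNU coreutils; `/mnt2/example-share` and `ldapuser` are placeholders for the share path and the LDAP account, and the ACL helper only works where the `acl` package (`setfacl`/`getfacl`) is installed.

```shell
#!/bin/sh
# Added example (not from the forum post or the Rockstor project): lock a
# share directory down to its owner, and optionally grant one extra user
# access through a POSIX ACL instead of widening the group/other bits.
# Assumptions: Linux with GNU coreutils; share path and user names are
# placeholders; chown requires root and a user that resolves via getent.

# restrict_to_owner DIR [OWNER]
# Hand DIR to OWNER (when given) and set mode 0700 so that group and other
# have no permission bits at all. Prints the resulting octal mode.
restrict_to_owner() {
    dir=$1
    owner=${2:-}
    if [ -n "$owner" ]; then
        # On a real box this would be the LDAP user, e.g. "ldapuser";
        # it must already resolve (getent passwd "$owner") for chown to work.
        chown "$owner" "$dir" || return 1
    fi
    chmod 0700 "$dir" || return 1
    stat -c '%a' "$dir"
}

# owner_only_check DIR
# Succeeds only if no permission bits are set for group or other,
# i.e. the octal mode ends in "00" (700, 600, 4700, ...).
owner_only_check() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# grant_user_acl DIR USER
# Add an ACL entry giving USER rwx on DIR while leaving the group/other
# mode bits untouched. Returns 2 when the acl tools are not installed.
grant_user_acl() {
    dir=$1
    user=$2
    if ! command -v setfacl >/dev/null 2>&1; then
        echo "setfacl not installed; install the acl package" >&2
        return 2
    fi
    setfacl -m "u:${user}:rwx" "$dir" || return 1
    getfacl --omit-header "$dir"
}

# Typical use on a Rockstor host (run as root; placeholders):
#   restrict_to_owner /mnt2/example-share ldapuser
#   owner_only_check  /mnt2/example-share && echo "owner only"
#   grant_user_acl    /mnt2/example-share seconduser
```

`restrict_to_owner` is the shell equivalent of setting the share owner in the web UI and clearing every Group/Other checkbox; `owner_only_check` is a quick audit you can run over `/mnt2/*` to spot shares that drifted away from that state. `grant_user_acl` shows why ACLs are attractive here: a second user gets access without the directory having to become group- or world-readable.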