Actually there isn't. It is all or nothing when it comes to authentication. You aren't actually selecting individual users to be LDAP you are selecting them through the system to import. Once an authentication method is determined then all accounts use that method for authentication.
If LDAP is selected then ALL accounts will use the LDAP system to authenticate that a user account exists, is valid, and then authenticate it against the system before allowing the user to log into ALM.
If QUALITYCENTER is used then all accounts are validated against the ALM maintained USER accounts and disregards the LDAP system (and it uses the pasword stored within the ALM system which may or may not be the same as the LDAP password depending on the password set initially by the admin or changed by the user).
There is no selectivity for account by account basis as to how they log in and authenticate to the system. If this were the case it would take much more coding on the backside and would alleviate many issues we see between the site admin account and the actual end users. This is why there is the option for another site admin account to be created at installation time to address this issue better by already having a second account that may be within the LDAP system. Not all create a second account but some do to address this issue. You can also add individual users to the Site Admin group through the site admin.
Hope this helps,