Changing the authentication order isn't supported on the controllers for guests, that's why there's not a control for it in the controller's GUI or in WCS. The online help file for the controller says that "...Client information is passed to the RADIUS authentication server first, and if the client information does not match a RADIUS database entry, this local database is polled. Clients located in this database are granted access to network services if the RADIUS authentication fails or does not exist."
This means that the authentication order for guests is RADIUS, Local. That's not adjustable.
If you have a significant need to be able to change this, I'd suggest that you contact your local Cisco SE, Cisco account team or Cisco authorized wireless reseller, and share your idea with them. The sales side of the house has procedures in place to accumulate customer inputs like this, and to forward them to the appropriate business units within Cisco for possible inclusion in future releases of Cisco's products.
I was mistaken--my apologies! Yes, web guest authentication order CAN be changed. It's on the actual WLAN, but it's still not in WCS. To get around that, you'll need to create a CLI template with the command
config wlan security web-auth server-precedence local ldap
then apply that CLI template to your controllers.
Sorry for the temporary insanity, and thanks to Steve Rodriguez for the polite kick in the head