Hello and welcome! 
I think that might already be the culprit. In UCS, we have the following settings, if the App Active Directory compatible Domain controller (Samba/AD) is installed:
| Port | Service | TLS or StartTLS |
-------------------------------------
| 389 | Samba | StartTLS |
| 636 | Samba | TLS |
| 7389 | OpenLDAP | StartTLS |
| 7636 | OpenLDAP | TLS |I guess your configuration for Zentyal will most probably just work if you use port 389.
Please note, that Samba/AD make use of the memberOf attribute, while OpenLDAP does not (by default).
Maybe you already came across this blog post, but if not, I recommend it 
Best regards,
Michael Grandjean