This is not "another way to access LDAP".
Zentyal embeds 2 different LDAP servers (that are however synchronized but with slightly different content, at least for what I understand):
- One, listening on port 389, is dedicated to Samba 4
- another one, listening on port 390 is what I would call "general purpose" LDAP server.
If memberof attribute is maintained in the "general purpose" LDAP server, then you can obviously use it, otherwise you will have to rely on another attribute.
The point is that LDAP protocol doesn't permit to "join" requests. You have to perform one single request that will target one single entry (meaning, e.g. you can't in same LDAP request, check for uid and look at groups content (BTW that's why memberof has been invented
)