I'm perhaps going to start a long reply here. Sorry for this, but sometimes I don't know how to make it short and concise and accurate too.
- I can't comment about Synology because I never had to configure it and haven't even read documentation about this product.
- I'm still running Zentyal 2.2 because I don't need most of the features 3.0 brings. Some are really nice but some are just useless for my own purpose and have noticeable side effects. The "double LDAP" design is one of these drawbacks.
- I'm running 2 different NAS (because I don't like the idea of using Zentyal as both "internet gateway" and NAS for internal data):
  - one is running OpenMediaVault, which is fully configurable and successfully relies on Zentyal for account and group management.
  - the other one is a Netgear ReadyNAS: this one is less flexible, although it permits you to "join a Windows domain" in a way that is no more nor less than LDAP access. Thus it should work, but Netgear thinks that aside from Microsoft there is nothing else. As a result, relying on an LDAP server that is not true AD doesn't really work (at least for me).
What I mean with the above comments is that:
- yes, you could revert back to Zentyal 2.2 if the 3.0 bells and whistles are not mandatory for you
- it doesn't mean however that it will work fine
Trying to help with your current configuration:
- I really don't understand elavionsistemas's point. I never looked at this YouTube-based howto (I don't like the idea) but I don't understand how changing the admin interface port may have any impact on LDAP configuration.
This is however a good practice. If you need any HTTPS service running on Zentyal other than the admin interface, it is mandatory to change this admin port. I always do this at the very beginning of any Zentyal installation (and I don't understand why the default install does not select another port).
- Selecting port 444 is a poor idea / proposal as this port is supposed to be used by SNPP. Better to select a port above 1024 and check twice that it is not in use.
- What can you do if you are in the middle between the need for Zentyal 3.0 and a Synology that is not flexible? Well, you could install somewhere (but not on Zentyal) a small piece of code that will act as an LDAP proxy. This will handle LDAP requests made on port 389 (because Synology can do anything else) and translate them into requests on port 390. A very long time ago I made a test with such a program (from Sun, when I was running Sun One directory). I know some others exist here and there. Have a look, it may save your day.
Last but not least: if you can, run this on port 636 rather than 389: when binding with LDAP, the password is sent using base64 encoding. This is not encryption, thus a clear password, which is why LDAPS should always be used when authentication occurs.
I'll look at LDAP proxies that still exist and will post here if I find a suitable one.
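
The port-translating proxy described in the post above can be as small as a byte-level TCP relay; the sketch below is an added example, not part of the original post and not the Sun program it mentions. It forwards bytes unchanged and adds no encryption, so traffic stays in clear text on both legs unless the relay host and the directory share a trusted link. The host name `zentyal.example` and the loopback echo server used for the self-check are assumptions made for this example.

```python
import asyncio

async def _pipe(reader, writer):
    """Copy bytes one way until EOF or error, then close the destination."""
    try:
        while data := await reader.read(4096):
            writer.write(data)
            await writer.drain()
    except OSError:
        pass
    finally:
        writer.close()

async def start_relay(listen_host, listen_port, target_host, target_port):
    """Accept clients on listen_port; relay each connection to target_port."""
    async def handle(client_r, client_w):
        try:
            up_r, up_w = await asyncio.open_connection(target_host, target_port)
        except OSError:
            client_w.close()  # directory unreachable: drop the client cleanly
            return
        await asyncio.gather(_pipe(client_r, up_w), _pipe(up_r, client_w))
    return await asyncio.start_server(handle, listen_host, listen_port)

async def demo(payload=b"constructed-ldap-bytes"):
    """Loopback self-check: a constructed echo server stands in for the directory."""
    async def echo(r, w):
        w.write(await r.read(4096))
        await w.drain()
        w.close()
    backend = await asyncio.start_server(echo, "127.0.0.1", 0)
    relay = await start_relay("127.0.0.1", 0, "127.0.0.1",
                              backend.sockets[0].getsockname()[1])
    r, w = await asyncio.open_connection(
        "127.0.0.1", relay.sockets[0].getsockname()[1])
    w.write(payload)
    await w.drain()
    reply = await r.readexactly(len(payload))
    w.close()
    relay.close()
    backend.close()
    return reply

if __name__ == "__main__":
    # Real use (assumed values): start_relay("0.0.0.0", 389, "zentyal.example", 390)
    # followed by `await server.serve_forever()`; binding 389 needs root.
    print(asyncio.run(demo()))
```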